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Welcome to the Novell 
BrainShare Europe 2004 
issue. This is an exciting 
time for Novell. With the 
highly anticipated release 

of SUSE LINUX Enterprise 
Server 9 and the anticipated 
Novell Linux Desktop on 
the horizon, Novell is 
making good on its 
commitment to offer quality 
products for Linux that not 
only make good business 
sense, but make life much 
easier from the user desktop 
to the server room. 


LEADOFF 


So what do CIOs think about Linux? We asked ourselves that question and then asked some 
CIOs. We were pleased with what we found, but not surprised. Get the scoop in What CxOs 
Think About Linux where we look at business life and Linux from the CIO’s perspective. 


SUSE Openexchange Server keeps ARS Altmann moving with centralized application access 
and decreased downtime. Read about its smooth transition from Windows to Linux in A 
Logical Move. 


As the role of IT user support continues to shift from reactive to proactive, there is a growing 
need for strategic processes. In Thinking Ahead we show you the benefits of utilizing the ITIL 
framework to integrate ZENworks functionality that will take your help desk to a whole new 
level. 


Are you, like many other IT professionals, looking for a way to manage your resources in a 
highly complex and diverse environment? Well, search no more! The answer is ZENworks 
Linux Management. The Perfect Match explains why SUSE LINUX and ZENworks Linux 
Management are a match made in heaven. 


Small-business owners everywhere can breathe a sigh of relief. In All In One, you'll see how 
Novell Small Business Suite 6.5 (released February 2004) meets your criteria for network 
software: it’s affordable, easy-to-use, reliable and secure software that simply does its job. 


If you think there’s a shortage of what's available on Linux, you may want to reconsider. In 
Full Steam Ahead, we've compiled a directory of Web sites of Linux products that will blow 
your mind—and this is a condensed version! 


Last issue we showed you Novell’s plan for migrating the entire company from MS Windows 
and Office to Linux and OpenOffice, beginning with phase 1: assessing the number of 
proprietary software licenses and reducing them. Building Blocks details phase 2: the move 
to OpenOffice.org. 


The next wave of identity management is rolling in and Novell Nsure Identity Gateway is 
leading the way. It’s time to take identity management beyond the firewall and include Web 
sites, applications and services of trusted business partners. Read how we're doing it in 
Social Security: The Next Wave Of Identity Management. 


The GroupWise cross-platform client is another example of how Novell is making life simpler. 
Life Support discusses the nuts and bolts of installing, running and configuring this powerful 
messaging tool. 


SUSE LINUX Enterprise Server 9 is the first and only Linux distribution that includes kernel 2.6.5, 
which means many of the benefits offered are not available anywhere else. Relax, It Saves 
You Time walks you through the installation and illustrates how easy it is with YaST—the 
open source, GUI-based management tool that does most of it for you. 


Regards, 


Richard Seibt 
President, Novell Europe, Middle East, Africa 


NOVELL.COM/CONNECTIONMAGAZINE 3 


BOTTOMLINE 


WHAT CXOS THINK ABOUT LINUX 
ClOS AND CTOS LOVE LINUX, ALMOST AS MUCH AS SYSTEM ADMINISTRATORS. 
BUT THEY LOVE LINUX FOR ENTIRELY DIFFERENT REASONS. KNOWING WHAT THEY EXPECT 
FROM LINUX WILL HELP YOU CRAFT YOUR BUSINESS AND TECHNOLOGY VISION. 


MUST HAVE LOOKED DUMB- 
founded. The CIO I was interviewing on 
behalf of SUSE was waxing philosophical 
about why Linux was the greatest thing to 
happen in IT since punch cards went away. 

“Linux is helping me fulfill all my top 
objectives, and for less money. Linux is the 
centerpiece of my technology strategy.” 

I expect such enthusiasm from techies, 
but it is disconcerting when normally even- 
keeled management types become evangelical. 

But this fellow was not the last energetic 
executive I would encounter during my 


interviews of CxOs. Each executive evaluated 
Linux and the their IT 
departments, and had come to the same 
conclusions—that only Linux could achieve 
several key objectives in running their 
departments and contribute to the success of 
their companies. 


impact on 


This belief is pervasive in all industries. 
A survey of ClOs' showed that 53 percent 
planned on open source—particularly 
Linux—being the dominant technology in 
their operations by 2007. My conversations 
with CxOs showed that Linux deployments 
were planned at all levels from mainframes 
down to desktops. This faith in Linux, 
combined with the fact that only 51 percent 
of ClOs think Microsoft is a trustworthy 
vendor’, means even Microsoft's desktop 
monopoly is vulnerable to the Linux 
onslaught. 

CxQs are paid to think strategically. It 
should come as no surprise then that their 
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BY GUY SMITH 


“AND WE LOOK 
AT WAYS TO 
LEVERAGE THIS 
SKILL SET 
CONSOLIDATION. 
WHAT IMPRESSED 
ME WAS HOW 
FAST OUR STAFF 
PICKED UP SUSE 
LINUX” 


RANDY LENGYEL-— 
SENIOR VICE PRESIDENT OF MIS, 
WISCONSIN PHYSICIANS SERVICE 


faith in Linux is based on how it will improve 
their technical and business strategy. When 
it comes to Linux—and specifically SUSE 
LINUX—CxOs believe that four strategic 
aspects of their operations will be affected: 


MAXIMIZING STAFF EFFECTIVENESS: People are 
expensive, and CxOs want to make sure staff 
time is spent wisely. SUSE LINUX helps them 
achieve this on many levels. 


Business acitity: Technology is now the 
centerpiece of competitive firms. Technology 
must adapt quickly to changing business, 
market and competitive realities. CxOs believe 
Linux is the pivotal technology in improving 
IT agility to meet business demands. 


1 CIO.COM, NOVEMBER 2002, “YOUR OPEN SOURCE PLAN” 
2 IDC, APRIL 2004, “IT AND BUSINESS EXECS ARE IN SYNC ABOUT IT SUPPLIERS: WHAT IT MEANS FOR YOUR STRATEGY” 


SIMPLIFYING IT OPERATIONS: Complex operations 
produce inefficiencies and downtime. 
Simplifying operations reduces complexity 
and improves IT support of business, while 
reducing IT cost. SUSE LINUX delivers 
simplified operations on several fronts. 


cost containment: The 1990's saw massively 


wasteful IT spending. CxOs are more 
frugal now, and want to contain costs 
wherever possible so the remaining funds 
can be spent on valuable new capabilities. 
Universally, CxOs perceive Linux as less 
expensive than alternatives. 


FEWER TECHNOLOGIES AND 
SMARTER TEAMS 
One theme was echoed by all the CxOs | 
interviewed: They want fewer technologies 
in-house, and they want their staffs to be 
smarter about those fewer technologies. 
These two issues are deeply interrelated. 
Since IT budgets are finite, you can only 
hire so many technical experts. The average 
IT department currently supports at least 


four operating systems (Windows on the 
desktop, Linux and one or more flavors of 
UNIX for departmental and database servers, 
and a proprietary OS for mainframes or other 
midrange systems). This means there are at 
least four small, specialized groups 
responsible for their particular architecture, 
OS and the software that runs on each. 

The inefficiencies of this approach are 
staggering. Each team knows little if 


anything about the other operating 
systems. This cross-platform ignorance 
leads to the inability to find solutions, 
correct problems and apply human skills 
where they are most needed. 

This is where Linux, and particularly the 
SUSE LINUX approach, are changing the 
strategic view of CxOs. Deploying Linux 
everywhere (or nearly everywhere) is the 
first step in reducing the number of in-house 
technologies and streamlining IT operations. 

Let’s dig a little deeper and see where 
your fellow CxOs are already gaining 
ground by deploying SUSE LINUX. 


MAXIMIZING STAFF EFFECTIVENESS 
People are your most expensive resource. 
Despite recent shifts in outsourcing, you 
still must find, recruit, train and utilize 
experts to meet the demands that business 
places on your department. 

CxOs also realize that their staffs are not 
as effective as they could be. By having to 
employ technicians with widely different 


expertise, individual effectiveness is limited 
in scope and the entire IT staff is hindered 
when responding to demands. CxOs view 
Linux as the centerpiece in reducing the 
number of in-house technologies, and thus 
the number of different areas of expertise in 
their staffs. This strategy achieves two 
related staff skill initiatives: 


SKILL SET CONSOLIDATION 
Deploying fewer technologies means the 
skills shared by IT staffs become consol- 
idated. With a common technical perspective, 
staffs 
through all phases of IT operations. 
Communications will take less time, induce 
fewer mistakes and misunderstandings, and 
response to problems will be expedited. 
Take for example the current situation 


communicate more effectively 


when a problem develops between two 
different architectures. Odds are your 
mainframe administrators don’t view the 
problem or share the vocabulary that your 
UNIX gurus do, and your Microsoft Windows 
administrators cannot communicate effec- 
tively with the AS/400 crew. 

However, if Linux is deployed on most 
platforms, there is a technical lingua franca. 
Several CxOs I have interviewed have taken 
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“SKILL 
PORTABILITY IS 
BECOMING 
MUCH MORE 
IMPORTANT. WE 
USED TO HAVE 
TWO SEPARATE 
OPERATIONAL 
UNITS — ONE 
FOR SERVERS 
AND ANOTHER 
FOR MAIN- 
FRAMES. SUSE 
ON THE 
MAINFRAME 
ALLOWED US 
TO SMASH THE 
GROUPS 
TOGETHER AND 
BEGIN TO 
CROSS-POLL- 
INATE THEIR 
EXPERTISE. 
LINUX 
ALLOWED 

ALL TEAM 
MEMBERS TO 
EXPOSE THEM- 
SELVES TO THE 
MAINFRAME 
AND TO LINUX, 
AND THUS 
COMBINE 
SKILLS.” 


HARRY ROBERTS— 
ClO OF BOSCOV'S 
DEPARTMENT STORES 


advantage of the virtual machine capabilities 
of their midrange and mainframe systems to 
add SUSE LINUX, and use it as the common 
denominator between staffs and the center 
point for all new development. 


SKILL SET PORTABILITY 

When skill sets are not consolidated, skills 
are not portable. Your developers, DBAs and 
administrators can work on their platform of 
expertise, but not on other systems. 

This is a major problem. As a manager, 
you want to assign your best topic experts to 
a task regardless of where the application 
lies. In a perfect world, your programmers 
would be able to develop code on desktops 
or on the big iron. 

CxOs perceive a “Linux everywhere” 
strategy as facilitating skill portability. Using 
SUSE LINUX as the core technology on all 
platforms reduces, or even eliminates, the 
difference between platforms then relatively 
minor variations are easy to learn or assign 
to a few remaining platform experts. 


BUSINESS ON THE MOVE 

The good news is your CEO recognizes the 
value of IT and how technology can make 
your company more agile—better able to 
respond to changes in the market and 
competitive threats. 

This is the bad news too, because IT is 
rapidly becoming the first place the CEO 
turns to when change is needed. CxOs see 
Linux as a source of business agility, both in 


new capabilities it brings as well as how it 
changes their IT organization. 


PLATFORM AND VENDOR CHOICE 

In the bad old days, application sets were 
strongly tied to one hardware vendor or 
platform. This limited the CTO’s selection for 
the best combination of architecture and 
software to meet business demands. They 
were stuck with whatever platform the 
application vendor supported, and should 
that platform ever become insufficient, then 
a painful software migration or porting 
effort were the only options. 

SUSE LINUX was widely adopted by 
CTOs as their strategic platform because of 
SUSE’s leadership on mainframe and 
commodity 64-bit platforms, as well as 
industry standard 32-bit systems. With the 
participation of strategic database vendor 
partners, SUSE was able to give platform 


choice, both in terms of meeting current 
needs, but also in meeting the unknowable 
needs of the future. Thus, when the CEO 


Novell's one Net vision gives you the freedom to choose the best software solutions for your business strategy, without ripping and replacing your current investment. We 
deliver security, networking, Web application development and resource management services on Linux, NetWaree or any other platform you may be running. Also, with 
the acquisitions of SUSE» LINUX and Ximian», Novells can now integrate an end-to-end open source strategy from desktop to server, throughout your enterprise. we'll 
train and certify your IT staff to deploy Linux-based solutions. And we'll provide award-winning technical support, customized for your business, 24/7/365 worldwide. 
For complete flexibility that delivers breakthrough savings, call 1-800-215-2600 or visit www.novell.com/linux @ WE SPEAK YOUR LANGUAGE. 


suse 


©2004 Novell, NetWare and Ximian are registered trademarks of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE AG, a Novell company 


announced a new business initiative, there 
was less worry over what platforms were 
desirable because the application that solved 
the business problem was highly portable 
across SUSE LINUX. 


THE ROLE OF CONSOLIDATED SKILL 
SETS IN BUSINESS AGILITY 

We noted earlier that a primary CxO 
objective was to consolidate IT skill sets. 
This figures prominently in improving IT’s 
agility in response to changing business 
mandates. Two agility-related effects of skill 
set consolidation are deeper understanding 
of fewer technologies being used and skill 
portability. Both improve IT agility. 

Let’s look first at deeper understanding 
of technology. Presently, most IT profes- 
sionals lack a “guru” status. None can invest 
the time in deeply learning any one 
technology, much less the myriad currently 
deployed. Linux drives the process of 
having fewer in-house technologies. The 
staff-level effect of this strategy is to 
provide greater time and training on the few 


All SUSE distributions are built from 
the same source code base, and are 
built and tested using the SUSE 
AutoBuild system. This ensures near 
perfect interoperability and 
application portability. 


FIGURE 1 
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remaining technologies. IT staffs obtain a 
deeper understanding of their operating 
system, selected database engines and 
programming languages. 

In terms of agility, consolidated skill 
sets cause things to happen more quickly. 
Analysis time for new applications drops 
dramatically since everyone in IT can 
collaborate on solution identification or 
creation. Deeper technical understanding 
also accelerates software development, 
streamlining not only coding but also the 
entire development cycle. 

More important though is skill set 
Portability. Technical experts are becoming 
a commodity while business area experts 
are irreplaceable. For example, you can hire 
talented C++ programmers who know Linux 
inside and out—and these people will be 
nearly useless to you if they do not 
understand special aspects of how your 
company does business as well as the 
issues, regulations and competitive realities 
of your industry. 

I once worked in the IT department of 
one of the largest electronics retailers in 
North America, and remain amazed at the 
depth of knowledge about the parts and 
repair services processes in the retail 
industry held by a small number of 
programmers who specialized in a now 
obsolete operating system. These people 
wete irreplaceable, but could not rapidly be 
made productive on the company's other 
in—house operating systems. 

CxOs who have deployed SUSE LINUX 
tell me that skill set portability was part of 
their long-range strategic plan. They plan on 
eliminating barriers to placing the right 
person on the right project when necessary. 
Their application developers will be able to 
cut code on desktops, midrange and 
mainframe computers with little or know 
adciitional training past learning Linux and 
the development tool chain therein. The 
business intelligence that technical experts 
possess becomes instantly useful 
everywhere in the IT department. 


EX PANDED SOLUTION SET 

Cx@Os believe that in the long run, Linux will 
prOvide the richest set of solutions 
available. Their beliefs are well founded. 


“SUSE LINUX IS 
A KNOWN 
QUANTITY, AND 
MADE IT THE 
RIGHT CHOICE. 
SUSE LINUX 
WAS THE 
BIGGEST 
PLAYER IN THE 
MAINFRAME 
MARKET.” 


TOM FISCHER- 

ASSISTANT VICE PRESIDENT 
OF DATA SYSTEMS, 
GUIDEONE INSURANCE 


Vendors strongly support Linux 
because it expands their markets. Before 
SUSE LINUX, a hardware or software 
vendor was tied to a particular platform, 
and their market and revenues were 
limited. Now they can easily multiply their 
revenues with little additional development 
or R&D expense. Other vendors have gone 


one step further by making open source 


key components in their product offerings. 

For IT this means two things: solution 
portability across hardware platforms and 
more choices from more vendors. Thus, 
when business needs create new IT demands, 
the CTO has a broader set of commercial 
alternatives from commercial vendors. 

They also have an extensive and 
growing set of alternatives from the open 
source community. IT staffs are routinely 
tasked with reviewing open source options 
before turning to commercial vendors. 
Often the solution they are looking for is 
included in the 900+ packages on a SUSE 
LINUX distribution CD. 


PORTABLE SOLUTIONS 

One of the biggest fears in IT is solution 
obsolescence. This most often happens 
when an application must be moved to 
another platform—typically for scalability 
reasons. Since SUSE LINUX is built from a 
single source code base, every distribution 
on every supported platform is functionally 


Oracle Database 10g 
$149 Per User 


One CD 
17 minute install 
Easy to use 


Oracle Standard Edition One 
$149 per user or $4995 per processor 
First class database...economy price 


ORACLE 


oracle.com/standardedition 
or call 1.800.633.0753 


Limitations and restrictions apply. Standard Edition One is available with Named User Plus licensing at $149 per user with a 
minimum of five users or $4995 per processor. Licensing of Oracle Standard Edition One is permitted only on servers that have a 
maximum capacity of 2 CPUs per server. 17 minute install is based upon testing on a system with 1x866MHz Inte! CPU, 512 Mb RAM 
running Red Hat Linux 2.1. Actual install times will vary and are dependent on system configurations. For more information, 
visit oracle.com/standardedition 


Copyright © 2004, Oracle Corporation. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. 


“WE WANTED 
TO CONTAIN 
COSTS WHILE 
IMPROVING 
RELIABILITY AND 
SCALABILITY. 
WE’RE DOING 
THAT WITH 
SUSE LINUX 
ENTERPRISE 
EDITION.” 


TOM FISCHER- 


identical and interoperable. This gives CTOs 
the assurance they need in committing to a 
solution set give the ability to port between 
platforms is nearly zero. (See Figure 1.) 


SIMPLIFYING IT OPERATIONS 

IT is a complex business, and with billions of 
dollars transacting through their systems 
daily, the greater the IT complexity, the 
greater the risk. CxOs believe Linux will 
reduce IT complexity, and this will simplify 
and streamline their operations. 

We have already examined how IT staffs 
can be streamlined, their skills growing and 
becoming portable once SUSE LINUX is the 
common operating system. IT complexity is 
reduced on two other important fronts: 


ELIMINATE PLATFORM VARIATIONS 
When multiple operating systems are used, 
each has its variations, even in tools based 
on standards. For example, I have seen 
variations in something as simple as FIP 
clients that made interoperability impossible 
and cross platform scripting useless. 
Wide-scale deployment of SUSE LINUX 
reduces (and possibly eliminates) these 
variations. This applies not only to the 
operating system, but to the development 
tool chain, utilities, third-party applications 
and more. All systems in the network will 
interoperate appropriately, and in the 
process, simplify IT operations. Standard 
operating procedures (SOPs) will be easier to 
write, exceptions. will decline and response 
to unexpected situations will be uniform. 
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NO CROSS-PLATFORM FINGER POINTING 

In a multi-platform environment, things will 
go wrong. Dissimilar machines will refuse to 
cooperate. When they do, your platform 
specialists may refuse to cooperate as well. 

I have witnessed extended cross-platform 
finger pointing sessions between technology 
bigots, all while end users and customers 
were idled. A lack of a common technical 
perspective, a systems lingua franca if you 
will, impeded understanding of the problem 
and a team focused solution process. 

This problem vanishes when SUSE 
LINUX is widely deployed. First, the 
likelihood of interoperability problems is 
greatly diminished. But everyone in your IT 
staff will also contribute to problem 
resolution because every staff member is 
intimate with Linux. This means a short time 
to resolution and less annual application 
downtime costs. 


COST CONTAINMENT 
No discussion of the CxO Linux vision would 
be complete without talking of money. 

It is old news that Linux is less expensive 
than all other alternatives. Only Microsoft 
and their endowed analyst have yet to 
believe. What is interesting though are the 
ways in which CxOs expect Linux to contain 
their technology spending. 


CONTAINING COST, 

NOT REDUCING INVESTMENT 

The first thing I noticed when discussing 
money with CxOs was that they were 
seeking cost containment as much as cost 
reduction. The IT industry has had several 
unpleasant shifts in vendor pricing strategies, 
and CxOs have become wary of committing 
to proprietary operating systems. Thus, CxOs 
are looking for alternatives that contain costs 
now and in the future. 

That is one of the compelling aspects of 
Linux and open source: Any vendor that 
violates trust with their client can be readily 
replaced with relatively little effort and 
This creates a price containment 


expense. 
pressure on Linux distribution vendors, a 


situation CxOs are more than willing to exploit. 

But beyond cost containment CxOs uni- 
versally believe Linux is less expensive in all 
phases of the product life cycle. These include: 


ACQUISITION AND MAINTENANCE: Linux is less 
expensive to buy, and consolidating 
platforms and skills will drive main- 
tenance cost down as well. 

OPERATIONS THROUGH STREAMLINING: Savings 
are forthcoming from IT staffs that do 
their jobs better and from operations 
that are more efficient. 
DEVELOPMENT THROUGH STANDARDIZATION: 
Software development costs drop when 
IT skill sets are consolidated and there 
are few, if any, platform variations 
with which to contend. 
STAFFING SHORTAGES BY CONSOLIDATING SKILLS: 
As their staff skills consolidate, and as 
the industry provides more Linux- 
focused employee candidates, the cost 
and risk of staff shortages drops. 


ERRORS AND Downtime: Consolidated 
skill sets, eliminated cross platform 
variations and deeper expertise —all 
lead to improved operations and less 
downtime expense. 
But this is only possible if the solution is 
universal. That was the very vision behind 
SUSE LINUX. Our early discussions with IT 
thought leaders identified tha 
operating system running on all popular 


a single 


platforms was the key to achieving the 
benefits of consolidation, streamlining and 
cost containment. 
That is why SUSE lead the industry away 
from an x86-server-only mentality, with the 
first production-ready mainframe, midrange 
and desktop solutions. By doing so: 
SUSE LINUX delivers the OS for the 
enterprise 
» SUSE LINU 
and portability of code and skills 
SUSE LINUX provides perfect cross- 
platform interoperability 
SUSE LINUX is backed by the industry 
and the community 


X allows choice of platforms 


CONCLUSION 

The way CxOs view it, Linux is an inevitability. 
There is no hesitation within IT toward 
adopting Linux as the core technology for 
servers, and increasingly, the desktop. 

One waggish CTO said that SUSE LINUX 
“kept the broken UNIX promises” by provid- 
ing a unified technology with which vendors 
and their internal staffs could grow. N 


Unleash Linux! 


We see open, industry-standard 
systems as a key to flexibility 
and growth. That's leading more 
businesses to choose HP systems 
to run Linux. We're helping 
customers integrate Linux into 
business-critical processes, 

and partnering with companies 
like BEA, Oracle and SAP 

to ensure maximum flexibility. 
All so when change arrives, 


you'll be more than ready for it. 


www.hp.conyinfo/linux 


Solutions for the adaptive enterprise. 


O) 


invent 


PROOFPOINT 


A LOGICAL MOVE 
ARS ALTMANN MOVES FROM MICROSOFT WINDOWS TO SUSE OPENEXCHANGE SERVER TO CENTRALIZE 
APPLICATION ACCESS AND REDUCE ADMINISTRATION COSTS BY 70 PERCENT. 


BY LIZ TANNER 


ARS Altmann AG (ARS), headquartered in 
Wolnzach, Germany, is one of Europe’s leading 
automobile logistics companies. ARS repairs, 
stores and transports more than 1.8 million 
vehicles a year for car manufacturers, dealers, 
leasing companies, rental companies and car 
fleet operators. The company has 800 employees 


and annual revenues of 185 million Euros. 
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CHALLENGE 


Almost everyone in Germany who owns a 


car has unknowingly benefited from the car 
logistics services of ARS Altman. The 
company services 12,000 cars a day across 
16 logistics centers in Germany, Eastern 
Europe and Southern Europe, coming in 
contact in some way with a substantial 
number of all cars registered in Germany. 
Maintaining such a gigantic logistical 
capacity requires a powerful IT 
infrastructure, particularly for a rapidly 
growing company. 

With diverse and outdated systems, 
ARS began searching for a standardized 
platform that would reduce both its 
administration and licensing costs. The 
company set a goal to introduce open 
standards and interfaces that would lay a 
foundation for future development. 

Many employees relied on Microsoft 
Outlook to communicate with customers, 


but the company wanted a more robust e- 
mail system that offered collaboration 
features. In addition, the company’s master 
customer stored in 
multiple locations across its enterprise, 
creating an urgent need to centralize data. 


information was 


SOLUTION 


ARS evaluated several collaboration solu- 
tions including Lotus Notes and Microsoft 
Exchange, but had about 
proprietary software, as well as cost and 
security. The company considered CRM 
software, but found it overkill for a small 
sales staff. 

ARS completed an online evaluation of 
SUSE LINUX Enterprise Server and SUSE 
LINUX Openexchange Server. The company 
d 


concerns 


iscovered that it could solve its problems 
without a large CRM system by simply 
integrating its customer databases and 
other applications into a portal interface 
with SUSE LINUX Openexchange Server. 
“We wanted centralized access to our 
diverse applications, as well as a shared 
terface and database,” said Peter Laubsch, 
IT manager at ARS Altmann AG. “We 
looked for a comfortable and efficient 
portal for our entire enterprise and found it 
in SUSE LINUX Openexchange Server.” 


= 
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“THE DECISION 
TO CENTRALIZE 
OUR IT INFRA- 
STRUCTURE AND 
USE SUSE LINUX 
OPENEXCHANGE 
SERVER AS OUR 
PORTAL HAS 
BEEN 
ABSOLUTELY 
THE RIGHT 
DECISION. OUR 
INVESTMENT 
PAID OFF IN 
JUST A FEW 
MONTHS. THE 
SUSE SOLUTION 
PERFECTLY 
SUITS OUR 
CONCEPT OF 

A MODERN 
ARCHITECTURE 
AND MAKES 

US MORE 
COMPETITIVE 
THANKS TO ITS 
LOW COST AND 
MANPOWER 
REQUIREMENT.” 


PETER LAUBSCH- 
IT MANAGER 
ARS ALTMANN AG 


UP AND RUNNING IN HOURS 
ARS worked with Econtec, a solution 
provider in Nurenberg, to install SUSE 
LINUX Openexchange Server. Not knowing 
what to expect, ARS was concerned when 
the partner was returning to his office after 
just a few hours. 

“T asked our partner if there was a 
problem and was astounded to find out that 


the installation was complete!” said 
Laubsch. “We spent another two days 
adding contacts and setting up e-mail and 
then completed the switch to SUSE 
LINUX overnight.” 

The company’s previous Microsoft 
Windows NT servers experienced down- 
time nearly every other day. With SUSE 
LINUX Openexchange Server, the company 
has 99.999 percent uptime and has expe- 
rienced only two instances of unplanned 
8 months. ARS also has 12 
SUSE LINUX Enterprise Servers running 


downtime in 


on Siemens Intel hardware. 

“With SUSE LINUX, you can just install 
it and forget it,” said Laubsch. “Our servers 
are only down when we are doing an 


update. It’s unbelievable. In fact, our users 


only noticed we had a new system because 
they didn’t have any more downtime.” 

ARS has already significantly reduced 
its licensing and administration costs, 
saving nearly 70 percent of the cost of a 
Microsoft solution. 

“We have been using Linux-based 
solutions as the basis for many of our 
customer systems—and succeeded,” said 
Peter Bartonik, sales representative at 
Econtec GmbH. “A major advantage of 
SUSE LINUX is the ability to create 
solutions that meet the requirements of our 
customers without compromise. We 
combine this technical advantage with full 
support and maintenance.” 


CENTRALIZED ACCESS 

SUSE LINUX Openexchange Server is the 
ARS, 
providing centralized access to customer 
information, e-mail, calendaring and 
resource planning. Employees can access 
the portal using any standard Web browser, 
significantly reducing IT administration 


core business application for 


time and costs. 

“Remote access is particularly impor- 
tant to management, traveling employees 
and those who want to work from home,” 
said Laubsch. “Our staff now has electronic 
access to our quality-control handbooks 
from any logistics center, without the need 
to carry a large, printed handbook.” 

With master customer data stored in a 
central database on the SUSE LINUX 


JVIIAVTH 


PROACTIVE IT HELP DESK MANAGEMENT: USING ZENWORKS WITHIN AN ITIL PROCESS FRAMEWORK 


BY LARRY RUSSON 


18 NOVELL 


GroupWise® — made to move 


Teamware Mobile™ 


Teamware Mobile is a unique solution for efficient information and 
time management. It enhances your Novell GroupWise collaboration 
environment to support mobile usage any time, anywhere. 

You can securely connect to your corporate intranet and extranet 
as well as to other critical information and enterprise applications. 
Your e-mail and calendar services are automatically available via 
your mobile phone. Efficient e-mail filtering and calendar 
synchronization keep you up to date at all times. 

In providing secure and instant access to GroupWise from 
customer sites or home, when travelling, on holiday, Teamware 
Mobile accelerates work efficiency to a whole new level and allows 
for increased performance. 


Find out more: info@teamware.com or phone +358 207 515 300. 


Ee 
i 
28.04.2004 
10:00-11,00/Project s_ i 


Teamware delivers efficient and unique solutions to mobile 
professionals. We provide software and services for creating 
interactive collaboration solutions with 20 years of expertise. 
Our roots are in Nokia. Today our major owners are 3i and Fujitsu. 


www.teamware.com 


Novell.’ 


“WITH SUSE 
LINUX, YOU 
CAN JUST 
INSTALL IT 
AND FORGET 
IT. OUR 
SERVERS ARE 
ONLY DOWN 
WHEN WE ARE 
DOING AN 
UPDATE. IT’S 
UNBELIEVABLE. 
IN FACT, OUR 
USERS ONLY 
NOTICED WE 
HAD A NEW 
SYSTEM 
BECAUSE THEY 
DIDN‘’T HAVE 
ANY MORE 
DOWNTIME.” 


PETER LAUBSCH- 
IT MANAGER 
ARS ALTMANN AG 


Openexchange Server, the company has a 
secure and accurate repository for critical 
customer information. Employees can 
information 
significantly faster to provide better 
service. They can assist customers on the 
phone by automatically accessing recent 
activities or all vehicles associated with 
that customer. 

The portal is also an efficient way to 
distribute risk management software to 
multiple locations. The IT staff places virus 
protection updates on the portal and sends 
a notification to employees that they can 
download software from SUSE LINUX 
Openexchange Server in minutes. 


access customer contact 


OPEN TO THE FUTURE 
With an open source solution, ARS can 
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develop the portal to meet specific business 
needs. The company plans to integrate its 
portal with its phone system, creating an 
up-to-date corporate directory that will 
make it easy for employees to find 
colleagues across the enterprise. Employees 
will simply click on a phone number and 
SUSE LINUX Openexchange Server will 
automatically dial it for them. 

“Tt is absolutely critical for us to be able 
to customize our environment,” 
Laubsch. “We're huge fans of open source 
because we save a lot of money and get 
greater security than in the Windows 
world. There is also a short reaction time to 
solve problems because it’s often easy to 


said 


find a solution on the Internet.” 

Today, customers receive a daily e-mail 
with an account update. Future plans 
include using ZOPE to integrate SUSE 
LINUX Openexchange Server with the 
company’s data warehousing software. 
Customers would then have secure portal 
access to view their accounts at any time. 
For example, car dealers may want to see 
the status of their cars and track ship dates. 

“We've been a big fan of Novell over 
the years and feel that it has a great 
opportunity now with SUSE to be a huge 
player in the Linux world,” said Laubsch. 
“SUSE will really benefit from the 
knowledge and the distribution channels of 
Novell. Having the backing of a big 
company with established programs and 
support makes a huge difference.” 

With the success of SUSE LINUX on the 
server side, ARS is also looking to migrate 
to Linux on the desktop. 


RESULTS 


ARS replaced its antiquated architecture 
with SUSE LINUX Openexchange Server 
to create a modern, high-performance 
architecture to support its rapidly 
growing business. SUSE LINUX 
Openexchange Server has helped ARS 
significantly reduce its licensing costs 
with a platform that is 30 percent the cost 
of a Microsoft solution. The company has 
also reduced its IT administration time by 
70 percent with a reliable system that 
delivers 99.999 percent uptime. 


Centralizing servers and applications 
has not only reduced costs, but has also 
helped the company avoid additional 
expense. Employees have far greater 
flexibility with the ability to access 
enterprise applications via a portal from 
any standard Web browser, allowing them 
to travel without a laptop and making them 
more effective while working from home. 

With an open source solution, ARS can 
save time and money down the road by 
customizing its own portal. The company 
will improve the ability of its customers to 
do business by providing secure Web access 


to real-time information about accounts 
and orders. 

“Without SUSE LINUX, we would need 
twice as many IT resources, not to mention 
consulting resources,” said Laubsch. “We 
would probably double our administration 
costs and have serious concerns about 
security. Now we have a reliable, cost- 
effective solution. Best of all, we can tailor 
it for our unique business.” N 


SUMMARY 


CHALLENGE 
Reduce administration costs 
associated with diverse and 
outdated systems 
Eliminate recurring downtime 
Centralize customer information 
from nearly 50 systems 
Improve remote access to 
enterprise applications 


SOLUTION 
SUSE LINUX Enterprise Server, 
SUSE LINUX Openexchange Server 


BENEFITS 
Implemented a standardized 
architecture to reduce administrative 
time and costs by 70 percent 
Increased uptime to 99.999 percent 
Centralized data provides 
immediate access to accurate 
customer information 
New portal gives employees 
greater flexibility when traveling 
or working from home 
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PROACTIVE IT HELP DESK IS A MUST IN 
today’s economic and regulatory environment. IT-dependent 
organizations must focus on establishing better control over servicing 
the customers of the IT department. In addition, cost reductions are 
a necessity in today’s economy. And, internal support groups are a 
frequent cost reduction target. Help desks and desktop support 
teams need to ensure that their services are clearly defined and 
aligned with the business requirements. 

With the cost of responding to a help desk request averaging 
$38 US or more per call, it’s imperative that help desk 
management constantly strives to maximize productivity to 
improve service levels and lower costs. Most private and public 
organizations are under real pressures to increase productivity in 
order to gain a competitive edge. 

Whenever employee output is impeded by a failure in IT, the 
help desk is usually the single point of contact for end-users who 
need assistance, regardless of whether the employee is sitting at an 


office desk, on the road or telecommuting. Without this single 
point of contact an organization would face major losses in time 
spent looking for ways to fix issues and get help generating 
substantial financial risks. 

Even though most IT dependent organizations have help desk 
centers, the strategic advantage of the help desk is not well 
understood by senior management. They often see the help desk 
budget as a black hole without any real benefit to the organization 
because it does not generate revenue. As a result, help desk 
managers, like everyone else supporting the technology-enabling 
initiatives of the enterprise, continually face the challenge of 
accomplishing more with fewer resources. 

Those in the role of IT user support over the past few years 
have seen a profound organizational shift to reduce costs and 
improve the efficiency of the help desk. Since the end of the 90's, 
the traditional help desk role has been shifting from an almost 
isolated, reactive technical support function into the center of a 
new, integrated IT services management group. This shift is due in 
part to software vendors supplying mature desktop and help desk 
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management software, and also industry-wide initiatives to 


standardize “best practices” for better managing the processes and 
work flows required to streamline help desk center activities. One 
of these industry standards initiatives is the IT Infrastructure 
Library, commonly known as ITIL. 

The ITIL is essentially a library of documents used to aid in the 
implementation of a framework for IT service management. This 
customizable framework defines how service management is 
applied within an organization. 

Other competing/complimentary standards are filtering up 
through the IT standards ranks to address similar needs, but ITIL is 
quickly gaining acceptance as the worldwide defacto standard for 
best practices in the provisioning of IT services. 

The focus of this article is to demonstrate the benefits of 
utilizing the ITIL framework to integrate ZENworks functionality 
into your help desk or IT service desk, providing the following 
benefits to your organization: 


Improved customer satisfaction through expedited 
incident resolution 
Automated provisioning of software assets from 
a policy-driven framework 
Increased efficiency for help desk agents through remote 
management tools and complete asset control 
Enhanced focus and a proactive approach to service 
provisioning 
Better managed IT infrastructure and policy-based 
device configuration 

» Improved usage of IT support resources and increased 
productivity of business personnel 
More meaningful management information to support decisions 


By utilizing ZENworks not only for simplifying the life cycle 
management of IT assets, but also as a powerful component in your 
IT service desk strategy, your organization will reap the benefits of 
greatly improved processes and control. 


ORGANIZATIONAL CHANGE 

Most IT departments have recognized the tactical importance of 
the help desk role in an IT-dependent organization. Although, the 
help desk is considered very important and requires a skilled 
work staff, it is still a labor-intensive function and therefore 
costly to maintain. So IT managers have had to address the help 
desk function in new ways. Traditional help desk management 
roles are being divided to better address the responsibilities 
within the IT services management group. IT organizations have 
divided into two separate roles: one considers the future of 
computing in the organization and the other looks after the 
present. These are commonly known as development and IT 
services, respectively. 


PROCESS-DRIVEN CHANGE 

The help desk function, in most IT departments, has become the 
most process-driven part of the IT department. Policies are put in 
place for each help desk function to increase the efficiency and 
productivity of the help desk employee. Most help desk requests 
follow a common work flow toward the final resolution. The majority 
of new help desk tools, such as those from Remedy and Touchpaper 
Software, focus on providing “best practice” methodology and 
procedures for maintaining IT systems. 

In the past, the help desk was typically a loose group of 
technicians, running around solving issues as they developed. But 
in today’s highly competitive marketplace, companies are relying 
on refined processes for IT service delivery and well-defined work 
flows for help desk support. All with the end goal of improving 
efficiency and business-oriented processes. 


PLAYING THE CATCH-UP GAME 
Traditionally, the help desk support center stood alone typically as 
a reactive function with a relatively focused set of responsibilities: 
solve all reported problems as soon as possible after they are 
reported. Basically, it’s a fire-fighting operation. 

In addition, traditional help desk staffing practices generally 


did not take into account that many help desks were not staffed to 
cope with the capacity of calls outside of day-to-day problems, 
such as virus or worm attacks. The help desk is often in a position 
of playing catch-up, building its skills just in time, going from one 
problem to the next and never being able to provide adequate IT 
services to all employees that need it. This creates a financial risk 
for IT organizations as budget planning and potential service 
downtime is not controlled. 

The need to manage this risk is becoming a key contributing 
factor in the way IT services have changed help desk functions to . 
be more focused on procedural and work-flow-based operations. In 
addition many IT service departments have begun negotiating 
service level contracts with departments consuming IT services and 
charging for services rendered. Also, financial pressures of getting 
better management of IT assets to reduce costs and justify 
expenditures is driving many IT organizations to broaden their 
focus by looking at managing the life cycle of user computing from 
end to end instead of just reacting to daily changes. 

For an IT services department to function well, the help desk 
support center needs to integrate well with other elements in the IT 
service's portfolio. The portfolio of services may include supplying 
the computer and guaranteeing the availability and capacity of the 
network to which it is attached. They may also have specified the 
computer configuration in the first place, designed the operational 
standards with which the hardware and software must comply, and 
ensured the user was adequately trained to use the system. Ideally, 
the IT services department does not see these as a loose collection 
of services, but as part of an integrated process. 


BENEFITS OF ITIL 

The Information Technology Infrastructure Library has already 
considered what may be the main processes of IT services and how 
these link together. Organizations are looking at the ITIL process 
framework as a method to better address IT management. Five 
main areas of IT “best practice” processes are addressed by ITIL for 
help desk service support: 
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1 INCIDENT MANAGEMENT 

2 PROBLEM MANAGEMENT 

3 CHANGE MANAGEMENT 

4 CONFIGURATION MANAGEMENT 
5 RELEASE MANAGEMENT (See Figure 1) 
The idea of a centralized inventory database of hardware and 
software assets is represented in a configuration management 


ITIL SERVICE MANAGEMENT 


process. Change management then covers how an item of 


technology may be considered and approved for procurement or 
creation and then deployed. 

The deployment is, of course, a change in itself: one of absence 
to presence of a product, software program or service. Service 
management looks after the support of the asset and its user. 
Under ITIL service management the parameters of preset service 
levels may also function as IT staff productivity targets. ITIL goes 


Service Financial Capacity Availability Continuity 
Level Management Management Management Management 
Management for IT services 


SERVICE DELIVERY SET 


SERVICE SUPPORT SET 


Incident Problem Configuration Change Release 
Management Management Management Management Management 
FIGURE 1 
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further with its problem management process, by looking at how 


repeated incidents may point to a deeper problem. When rectified, 
can make a significant improvement to the usability of the 
computer systems. 


INTEGRATING ZENWORKS INTO HELP DESK PROCESSES 
The amount of time saved on incident handling depends on having 
the right set of tools in place to support the help desk process. 
Integrating ZENworks into your help desk processes and workflow 
provide features such as remote diagnostics, remote control, asset 
management, application distribution and system recovery each 
streamlining the problem resolution process for agents. 


REMOTE DESKTOP MANAGEMENT 

ZENworks 6.5 includes remote management giving help desk agents 
the ability to remote control and/or view a desktop on the network 
and perform remote diagnostics, remote program execution and file 
transfers. Help desk agents can use ZENworks remote management 
tools on desktops and even over the Internet through NAT-and 


Service Support Set 


Service Support is an operational methodology for supporting the 
delivery process of IT services. Service support contains six process 
models that enable IT services to be delivered effectively. The five 
models; Configuration Management, Incident Management, Problem 
Management, Change Management, Release Management, (See Figure 1) 
and Service Desk, (See Figure 2) provide standards for managing day- 
to-day operations for IT customers. ZENworks enhances the ITIL 
models by automating many of the day-to-day tasks required for 
supporting and maintaining the IT customer's desktops, servers and 


handheld devices. 
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double-NAT-routed networks. Users can also make remote control 
requests to get support from a help desk agent. 


INVENTORY & ASSET MANAGEMENT 
The benefits of integrating asset management software with help 
desk software are centered on increasing agent productivity. 
Reduced incident handling time is the most obvious benefit, 
since agents have all of the information about the employee's 
desktop hardware, software and peripherals available through- 
out incident resolution. 
ZENworks hardware and software inventory management data 


that is integrated with Help Desk software streamlines agent flows. 
This offers benefits such as reduced incident handling and 
resolution time. It also provides additional flexibility to the help 
desk for proactive end user support. Adding ZENworks inventory 
can improve the accuracy and relevancy of IT asset data for many 
IT service processes involving change and configuration 
management. Any software or configuration changes on the 
desktop are automatically updated to the inventory database. 


ITIL Process Framework Benefits 


ITIL introduces a process framework for better managing IT focused 
on delivering high quality and guaranteed IT servces to the IT 
customer. The benefits of utilizing the process framework are: 


Makes quality improvements measurable 

Makes IT Service Management processes manageable 
Provides a consistent method of running IT 

Provides a standardized terminology 

Improves internal and inter-departmental communications 


Increases customer satisfaction by meeting the right expectations. 
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Having complete asset information available driving each help desk 
incident allows granular reporting on root-cause analysis and failure 
rates for different assets and asset types. This is useful to help desk 
management for process analysis and refinement. For instance, the 
ZENworks 6.5 hardware scanning agent even collects data about the 
system chassis. This can help you identify systems that are getting 
out of date or might be incompatible with future upgrades. 

In addition to hardware scanning, ZENworks 6.5 has 
numerous enhancements in the software scanning agent which 
allows it to identify more types of software and collect additional 
data. For instance, the new agent checks for commercial and 
custom-defined suites. Custom-defined suites allow you to define 
a specific set of files that make up an application that can be 


scanned on the systems. 

A primary benefit of integrating asset tracking with help desk 
software is increased agent productivity, not only for level-one 
agents, but also for technicians gathering information by preparing for 
desk-side visits. Other benefits include incident-handling time and 
increased first-call resolution because agents have all of the 
information about the employee’s desktop hardware, software and 
peripherals available through the whole incident-management process. 


SYSTEM RECOVERY 


Integrating the ZENworks imaging feature, image restoration, 
allows help desk agents to completely restore a desktop to the 


ITIL SERVICE SUPPORT PROCESS MODELS 


Problem 
Management 


Incident 
Management 


desired machine state. This can be a last resort for incident 
resolution, but can be useful when a machine's operating system is 
beyond functional repair. Included with ZENworks imaging is 
automated application distribution. Using it, a workstation can be 
restored in a very short time to a productive state. 


A GREATER UNDERSTANDING 

The IT help desk is similar to a production line, providing a complex 
range of service products for a wide, varied and demanding 
customer base. For it to work properly, the help desk must have 
processes that are understood by all members of staff. There are too 
many variables to leave things to the old ways of relying on the 
goodwill and enthusiasm of the staff, which characterized the help 
desk in its earlier, less mature days. The risks are too great of a 
handover not taking place and job ownership being lost, or of 
insufficient value being added at some stage of the production line. 
All such delays impede the delivery of IT into the business, thus 
putting profits and corporate goals in jeopardy. 

For the processes to work, they have to be applied in a prudent 
manner. ITIL is a straight forward process framework that can help 
you establish methodologies to better align IT services and service 
support responsibilities. The ZENworks policy-based approach for 
managing the full lifecycle of your IT assets along with the workflow 
nature of Help Desk management software can comprise the hub of 
a more efficient and productive ITIL-compliant IT Service Desk. N 
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HE RAPID RISE OF POPULARITY IN LINUX AND 
Open source computing, while offering a number of compelling 
business benefits, further complicates resource management by 
introducing a whole new way of writing, testing, packaging and 
acquiring software. 

The combination of Novell ZENworks Linux Management and 
SUSE LINUX provides the most powerful and secure Linux solution in 
the market by giving IT administrators and managers centralized 
control over Linux software configurations across their server and 
workstation infrastructures. 


THE NEED TO UNIFY IT RESOURCE MANAGEMENT 
IT professionals in most organizations face the challenge of managing 
IT resources in a highly complex and diverse environment. They 
have to manage multiple hardware platforms including servers, 
desktops, laptops and handhelds, and they have to manage multiple 
Operating environments, including Windows, NetWare and Linux. 
Managing the Linux (open source) environment presents a new 
and particularly vexing challenge because it redefines the way 
software is developed and distributed. 

A number of additional factors further complicate resource 
management: 


1 


DEPENDENCY RESOLUTION 
Nearly every software package that’s installed has dependencies on 
other software within the system. 


2 


BANDWIDTH ISSUES 

One of the most overlooked requirements in designing a software 
management system is network bandwidth. Consider that the amount 
of system information and instructions communicated between the 
managed system and the ZENworks Linux Management server is 
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relatively small in comparison to the megabytes of data contained in 

an RPM-based software package that is downloaded and installed. 
ZENworks Linux Management has features that help with 

bandwidth. For example, managed systems doing automatic 


updates will not all try to connect to the server at the same time. 
They will delay their request by a random length of time (the total 
time span can be configured). This effectively staggers the request, 
insuring that each managed system can access the server. While 
these features can be helpful if all the managed systems are located 
together, having to deal with bandwidth issues over a wide area 
network presents a different set of problems. If business centers 
are distributed across the country, or across the world, having all 
managed systems come back to a central system for their updates 
can be a costly and slow process. 

Luckily, you have two alternative solutions, both of which are 
available with ZENworks Linux Management: 


CACHING 

The ZENworks Linux Management cache allows for distributed 
package caching across your wide area network. The cache handles 
all authentications and requests for packages for a specified group 
of managed systems. While the initial “fetch” of a software package 
will be done over the wide area network, all other requests for that 
same package will be serviced by the cache. This gives you a central 
server that all administrators in the organization can access and use, 
offering the most control over channels, groups and software. 


DISTRIBUTED SERVERS 

Another way of distributing packages is by using the ZENworks 
Linux Management mirror and having ZENworks Linux 
Management servers at each location. As explained in Automatic 
Updates on page 29, the mirror can be configured to automatically 
download software package updates to the local server. In this 
configuration, a centralized repository of software can be 
maintained, but local administrators have control of channels, 
groups and update transactions. 


3 


DIVERSITY OF APPLICATIONS 
Desktops and servers differ considerably with respect to their 
software configurations. 
Ageravating the problem is that the IT infrastructure must be 
continually evolved with new applications, software updates and 
patches to meet changing business needs. 
The complexity of the IT infrastructure combined with the need to 
evolve it continually necessitates a delicate balancing act for the IT 
staff. Administrators must deploy updates, especially security updates, 
quickly, yet they must ensure that updates don’t disrupt services. 


What is required is a single resource management solution that 
allows organizations to manage all their IT resources across all 
operating environments, including Linux, from a single point. Only 
in this way can the IT staff streamline operations and reduce 
management costs while increasing the value of the organization’s 
IT resources and services. 


THE UNIQUE CHALLENGE OF MANAGING 

THE LINUX ENVIRONMENT 

Linux and the open source community have fundamentally 
changed the way software is written, tested, packaged and 
acquired. The open source community consists of literally hundreds 
of thousands of developers around the world. These developers are 
typically engineers and IT professionals who are experienced in 
creating stable, high-quality software. 

Unlike proprietary software, open source software is open to 
peer review and intense scrutiny. So organizations can review and 
modify code before installing it, permitting greater control of 
production software. Security problems are openly acknowledged, 
giving customers the opportunity to proactively evaluate the level 
of risk and take actions to mitigate risk until a resolution is 
available. When security issues surface, the entire open source 
community can and does propose the requisite changes, resulting 
in rapid problem resolution as well as bug fixes. 


As a result, the Linux environment is highly dynamic. Developers 
are continually evolving the Linux operating system, and 
generating and evolving many new applications. Also, independent 
software vendors who previously sold their applications only into 
proprietary operating environments are now extending their 
applications to the Linux environment. The end result is a rapid and 
continuous flow of new applications, and of operating system and 
application updates from a wide variety of sources both inside and 
outside the organization. 


AUTOMATIC UPDATES 

Getting software updates on your own can be a time consuming 
issue. Administrators can spend hours each week reading errata 
and searching for new software packages, trying to determine 
which updates are critical, and which can be implemented later? 
Added to this is the effect new software can have on current 
systems and applications. Will something break when this new 
software is installed? 

SUSE LINUX Enterprise Server ships with YaST, a powerful tool 
that helps administrators do a number of system tasks including 
software updates on single systems. YaST uses the YaST Online 
Update (YOU) service to obtain software updates produced by 
SUSE. ZENworks Linux Management can take advantage of the 
YOU service to distribute software updates to all your managed 
systems automatically. 

To acquire the updates, you'll need to use the ZENworks Linux 
Management mirror which is shipped with ZENworks Linux 
Management. This is a special software module that works in 
conjunction with the ZENworks Linux Management server, and 
obtains any new software packages from YOU, other services and 
even another server. Once configured, the mirror can add software 
packages and patches to the appropriate software channel for later 
distribution to your managed systems. 

While the entire process is automatic, you always have control 
over how and when the software is deployed. This is particularly 
important when you want to test and verify new software updates. 
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ZENworks Linux Management allows you to do this easily by 
utilizing the flexibility of channels and groups. The mirror can be 
configured to put new software packages into test channels that 
automatically update test machines using the transaction feature. 
After you're satisfied with the new functionality, you can move the 
software packages to production channels that will then 
automatically deploy them across their infrastructure. Many 
current users of ZENworks Linux Management use _ this 
configuration with great success. 

ZENworks Linux Management, together with the YaST Online 
Update service, offers you a fast, powerful, and manageable 
solution for getting the latest software packages to the machines in 
your organization that need them most. 


A DOUBLE-EDGED SWORD 
The unique characteristics of open source computing offer a number 
of advantages, including lower total cost of ownership, a high level 
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of flexibility through support of open standards, rapid detection and 
fixing of bugs and security holes, and a large and rapidly growing 
array of applications. However, open source computing also brings a 
new and unique software management challenge, especially in 
companies with large numbers of Linux systems. 

The rapid and continuous flow of operating system and 
application updates that enhance Linux security, reliability and 
functionality make update and patch management difficult. In an 
effort to simplify the deployment and update of Linux software, 
there are many companies, organizations and individuals that 
create Linux distributions. There are over 300 Linux distributions 
available today. Some, such as SUSE LINUX and Red Hat, offer 
generalized distributions and are well known. Others, such as 
BlueCat and Tivo, offer specialized packages for particular 
applications and are not as well known. 

These companies combine the best of what’s available in free 
and open source software. They aggregate the software 
components into distinct packages called Linux distributions 
testing the components together to ensure that organizations can 


properly install and configure them. They then distribute the 
packages to their user communities. When new software source 
code is released for a particular application that is included in the 
distribution, the distributing organization compiles and packages 
the new software for distribution to their user community. 

A complicating factor in the Linux environment is that different 
software projects release changes on their own timetables based on 
the needs of their particular communities, and not all releases are 
implemented in packages by the Linux distributors. Because a 
distribution is a snapshot in time of the current state of software, 
it may contain out of date software on the day it is released. In 
addition, some organizations have deployed multiple Linux 
operating system distributions, such as Red Hat Linux and SUSE 
LINUX. This means that the IT staff has to manage updates for 
multiple versions from multiple vendors as well as from other 
sources such as internal developers. As a result, a challenge for 
administrators is how best to update the applications delivered 
with their distribution. 


Results That Count 


Managing IT resources in today’s complex dynamic environment presents a major challenge 
Organizations have to manage diverse combinations of hardware and software that may be spread 
across wide geographical areas. As if that weren't difficult enough, they also have to perform the 
delicate balancing act of continually evolving their infrastructures to meet changing business 
needs while maintaining or even improving agreed-on service levels. 

The Novell Resource Management solution helps organizations meet the challenge. The 
solution enables the IT staff to manage diverse infrastructures that include servers, desktops, 
laptops and handhelds running in a variety of operating environments that include Windows, 
NetWare and Linux. And they can manage the environment from a single point using identity- 
based, policy-driven automation. 

With the 


efficiency and productivity, improved IT service, greater business agility and the close alignment 


ovell Resource Management solution in place, organizations can enjoy increased IT 


of IT resources with business priorities. What’s more, Novell intends to continually evolve the 


Novell Resource Management solution in a variety of areas, including: 


™ Advancing both ZENworks and ZENworks Linux Management technologies to enhance their 
functionality. 


= Merging the functionality of ZENworks and ZENworks Linux Management to extend their 


combined capabilities to all operating environments. 


™ Tightly integrating ZENworks and ZENworks Linux Management technologies through such features 


as a single and unified architecture and Web interface to further simplify installation and use. 


ZENworks provides comprehensive functionality that enables organizations to continually evolve 
their IT infrastructures to meet ever-evolving business needs while maintaining a secure and 
stable environment. It also helps reduce administrator effort and lower the total cost of ownership 
(TCO) of IT resources. 

The business benefits of ZENworks have proven to be significant and include increased IT 


efficiency and productivity. International Data Corporation (IDC) recently interviewed IT 
executives at a number of large companies that have been using ZENworks. IDC found that over 
a three-year period: 


The companies surveyed saved an average of more than $2.3 million annually from increased IT 
efficiency, amounting to $14,348 per 100 users. 

m The companies also saved an average of almost $1.2 million annually from the reduction of IT 
ravel costs and lower hardware, software, training and outsourcing costs. 

= |mprovements in IT productivity contributed further costs savings of more than $2.6 million 
annually, amounting to $16,296 per 100 users. 


m Increased user productivity also had an impact on savings, contributing close to $20.4 million 
annually, or $126,288 per 100 users. 
= Reduced downtime allowed the recapture of an average of $153,395 annually, or $950 per 100 


users, in revenue that was previously lost. 


OVERALL: 

™ The average savings over the three-year period after employing ZENworks had a net present 
value of $355,028 per 100 users. 

m The average three-year ROI from deploying ZENworks was 1,012%. 

™ The average payback time was 98.5 days. 


As a result, with the Novell Resource Management solution, organizations are assured that the 


solution they put in place today can meet their evolving requirements well into the future. 


*IDC, NOVEMBER 2003, QUANTIFYING THE BUSINESS OF CONSOLIDATED IT RESOURCE MANAGEMENT 
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Some companies provide update services either free or as a paid 
service. For example, the two most popular Linux distributions 
SUSE LINUX and Red Hat provide dedicated update services. Web 
sites such as rpmfind.net offer complete repositories of past and 
present software packages. Some organizations take on the Linux 
update process by themselves to permit them to customize the 
applications for their particular IT environments. In any case, 
managing Linux resources presents a new and difficult resource 
management challenge. 


NOVELL TO THE RESCUE 

Organizations need a solution to help them meet the challenge of 
managing their Linux resources, especially the challenge of update 
and patch management. To be effective, a Linux resource 
management solution should support the update process typically 
employed in the Linux environment. This process consists of four 
major phases: 


OBTAIN NEW uppates. The solution should automate the access of 
updates, not only updates from outside the organization but also 
those from internal developers. 

MOVE UPDATES INTO TEST ENVIRONMENT. The solution should facilitate 
the move of updates into the test environment and, if desired, 
automate the move. 

ORGANIZE AND MANAGE SOFTWARE THROUGH TESTING. The solution 
should provide the means to monitor and manage the software 
test process, tracking progress. 

DISTRIBUTE TESTED SOFTWARE INTO THE PRODUCTION ENVIRONMENT. The 
solution should permit the management of migration of tested 
software to the appropriate production systems, automating the 
process where practical. 


ZENWORKS LINUX MANAGEMENT 

Novell has added the power of ZENworks Linux Management 
(formerly Ximian Red Carpet Enterprise) to its Novell Resource 
Management solution. ZENworks Linux Management combines the 
cross-platform power of Novell ZENworks with the in-depth Linux 
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software management capabilities from Red Carpet Enterprise. 
(Novell acquired Ximian in August 2003.) 

Novell ZENworks permits organizations to manage all the 
resources of diverse systems including desktops, laptops, servers 
and handheld devices across multiple operating environments that 
include Windows, NetWare and Linux all from a single point. 
ZENworks Linux Management extends the capabilities of the 
Novell Resource Management solution to meet the unique 
requirements of the Linux operating environment. 

ZENworks Linux Management is a field-proven tool for Linux 
management, with over one million users of the Ximian Red Carpet 
desktop utility. ZENworks Linux Management gives IT 
administrators and managers centralized control over Linux 
software configurations across their server and workstation 
infrastructures. It provides a centralized management console to 
handle software updates, new installs and removals from any 
number of Linux systems. It provides automated and intelligent 
Linux package dependency analysis and conflict resolution for 
smoother software installations. It also provides unprecedented 
control features for scheduling updates of Linux software to user- 
defined groups of systems across the enterprise. 

With ZENworks Linux Management, administrators use a single 
solution to automatically deliver and update packages across their 
organizations. Administrators can work from either an intuitive, 
Web-based administration console or a powerful command line 
interface. They can centrally configure and distribute software 
selections, manage users and organize groups of machines for 
installations and updates. They can build secure, custom software 
channels to deliver Linux packages that have been internally 
developed or customized, or packages from Linux OS publishers 
and other leading Linux vendors all without the need for expensive 
and time-consuming third-party customizations. Administrators 
can define specific update schedules that run automatically, or they 
can initiate updates directly. 

ZENworks Linux Management supports a variety of Linux 
distributions, including SUSE LINUX, Red Hat and Mandrake. Its 
many advanced features include: 


LINUX 


in the office 


Novell ZENworks 6.5 


Novell ZENworks has long been recognized as a leading cross- 
platform resource management solution. Only ZENworks allows 
companies to manage the entire lifecycle of desktops, laptops, 
servers and handheld devices. Through unique identity-based, 
Policy-Driven Automation, ZENworks can eliminate admin- 
istrative burdens and increase enterprise-wide business efficiency. 


LINUX MANAGEMENT 
ZENworks provides automated and intelligent Linux package dependency analysis and 
conflict resolution for smoother software installations; plus unprecedented control features 
for scheduling updates of Linux software to user defined groups of systems across an 
enterprise. The result is a complete Linux software management system that helps to cut IT 
costs by dramatically reducing the required overhead needed to manage Linux software 
package updates. 


SERVER MANAGEMENT 
ZENworks helps reduce server TCO. It automates server configuration and the distribution and 
inventory of applications and patches across all servers, regardless of platform. It distributes 
applications and patches intelligently across servers, based on server identity and policies. Its 
unique tiered distribution capabilities permit efficient large-scale distribution and distribution 


over varying line speeds. 


DESKTOP MANAGEMENT 
ZENworks is the only policy-based desktop solution that utilizes the identities and roles of 
users in managing desktop resources. It automates the set-up, updating, healing and migration 
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Using the power 
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icies. All ZENworks desktop management capabilities are available on Windows XP. 


HANDHELD MANAGEMENT 


ZENworks automates the management of Palm, Windows CE, PocketPC and RIM BlackBerry SPAM and viruses are destroying 


handheld devices. It enables the IT staff to centrally enforce the use of passwords, deploy your email system 


standard images and content, update applications, identify lost devices, lockdown 
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configurations and monitor license compliance. As a result, it provides a single point of 
administration for all IT resources including server, desktop, laptop and handheld devices. 


The broad, multi-device functionality sets ZENworks apart from the specialized offerings of 


mobile resource management vendors. In addition, its in-depth handheld management 


¢ LINUX-based 
¢ Self-installed 
¢ Self-maintained 


capabilities clearly distinguish ZENworks from the very limited handheld management 
capabilities of other resource management vendors. What’s more, ZENworks improves user 
productivity and reduces help desk calls by automating the set-up and maintenance of 
handhelds ensuring that it’s done correctly and removing the burden of self-support from users. 
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ZENworks automatically backs-up and synchronizes user files and data across multiple devices 
and the Internet. It operates across all platforms including Windows, NetWare and Linux. It 
helps minimize dataloss, lower the cost of data restoration and decrease the number of data 
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SOFTWARE DEPENDENCY RESOLUTION. Unlike traditional software 
management solutions, ZENworks Linux Management automat- 
ically determines package requirements before attempting to install 
software, freeing administrators from this time-consuming task. 
AUTOMATED SOFTWARE AND PATCH MANAGEMENT. ZENworks Linux 
Management automatically resolves conflicts to keep Linux 
resources stable and secure, reducing the time and risk of 
managing the onslaught of Linux software and security 
packages. It also permits integration with the leading software 
update systems including Red Hat Network and SUSE LINUX 
YaST Online Update. 

SOFTWARE PACKAGE ROLLBACK. Administrators can easily rollback to a 
specified date, quickly undoing any updates that may have 
interrupted service. 

DISTRIBUTION AND INSTALLATION. ZENworks Linux Management is 
architected to provide efficient distribution of software and 
content to Linux servers, facilitating global and enterprise 
distribution over wide area networks. 


Use transactions to schedule recurring or one- 
time updates on a customizable schedule. 


(lee al Ieee “Machine transaction 
file Edit View Go Bookmarks ‘Tools Tabs Help 


*. o> .0% 8 @ @ 


Back stop Reload | Home History Bookmarks — Find 


C1 ‘i at “Cs/machinesftrans: 


¥f ketth@ximian.com 
© machines tn set 


Machine Transaction 


Novels ZENWorkse 
Linux Management 


Home > Transactions » Add/Edit Transaction 


Basie Channels scripts Members 
_ [Transaction Settings} 

Name: Security Update a we 
| Start Date: “xi fia =] [2008 =] 
| Sart time: [13 >| {16 =] 


Home 
Groups 
Channels 
Admins 


Machines 


M Transactions 


i Remove 
Reports Conflicting |~ 
Server Packages: 
/ [Transection Type) a 
‘once Only : 
eC lpy vif 2004 illo +i! 29 ~1 
GH Rollback: © | july = [02 | [2004 ={fio"=| [29 a 


Recurring: © Every}1 ~j/days =| 


*][2004 ~jf10 ~[[29 =| 


Logout 


FIGURE 2 


34 NOVELL 


SOFTWARE PACKAGING 

What is an RPM? RPM stands for RPM Package Manager (yes — yet 
more recursive humor). RPMs are the standard for distributing 
Linux software today. What makes an RPM different from a 
Windows zip file is the information that’s carried in the package. 

n addition to the actual software, each RPM package contains 
a “spec” file that has important information for installation of the 
package, and for other packages as well. The spec file outlines what 
the package needs for installed software (libraries, other 
applications), and what it provides to the system. This database is 
then queried for other installations. This is all stored on an RPM 
database on each system. ZENworks Linux Management uses this 
database to inventory installed applications on the managed 
system. 

While some companies are content with software delivered by 
Linux OS vendors, others find the need to customize software for their 
particular needs. This could be to add needed features, or for helping 
in establishing software standards. The advantage of using open source 
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software is the 


http://www. novell.com/products/zenworks/ 
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COMPELLING BENEFITS 
The Novell Resource Management solution 
provides the roadmap, best practices, skill 
sets and tools customers need to 
consolidate management of their diverse IT 
resources across all popular operating 
platforms including Windows, NetWare 
and Linux. It addresses the unique 
management challenges of the Linux 
environment and _ helps customers 
transition from other operating systems to 
Linux. 
Using a unique approach of identity- 
based policies, Novell Resource Management 


helps customers automate and control IT 


costs, and optimize the value of their 
resources. It helps customers manage the 
complex platforms, directories and systems 
hey have today while laying a resource 


management foundation for the future. The 


susiness benefits are compelling. 


= Increased IT efficiency and productivity. By automating IT processes and optimizing the use of 


T assets, the Novell Resource Management solution enables organizations to increase IT 


efficiency and productivity, and to gain more value from their existing IT investments 


= Improved IT service levels. By providing advanced tools for performing rapid analysis, and by 


automating software usage tracking, resource integrity and operating system migration, the 


ovell Resource Management solution helps organizations improve IT service levels. 


= Greater business agility. By enabling the IT staff to adapt and adjust IT resources and 


infrastructure to meet changing business needs such as managing the increasing mobility of 


the workforce, the Novell Resource Management solution helps organizations achieve greater 


business agility. 


= Tighter alig 


nment of IT resources with business priorities. The Novell Resource Management 


solution leverages the Novell IT resource planning expertise and usage measurement 


capabilities to help organizations transform IT resource and service delivery to create a dynamic 


and scalab 


closely alig 


ned with business priorities. 


e IT environment. This environment enables organizations to keep IT resources 
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PART FROM DISCREPANCIES IN WORKFORCE 
size, small businesses with as many as 100 employees and large 
businesses with at least 500 are alike in many respects. The 
similarities between these little and typically local firms and 
their big and usually global brothers boil down to business. 
Business is business, whatever its size. Owners of mom-and-pop 
outfits and executives of Fortune 500 companies both seek to 
peddle and improve their wares and to create brand new ones, all 
with the same end in mind: whether staffed by two workers or 
run by thousands, businesses exist to make money. 

To back their money-making endeavors, many small businesses 
and most (if not all) large businesses look for affordable, reliable 
and secure network software that is easy to use and maintain. To 


small businesses that need a communications network, these issues 
(affordability, reliability, security and ease-of-use) are arguably 


more important than they are to large businesses. After all, small 
businesses cinch their budget belts considerably tighter than their 
large counterparts, squeezing the life out of any desire to go wild 
purchasing network software. 

In fact, small businesses in the U.S. plan to invest only $3,000 
to $35,000 this year on technology in general. In contrast, even 
medium-sized businesses (those with 100 to 500 employees) plan 
to spend nearly three times that amount. (See Purchasing Decisions: 
A Defining Study of Small and Mid-Sized Business Decision Making 
at www.networkcitybiz.com/files/Purchasing Dynamics NYC 
Presentation Version.pdf.) 

Belt-tightened budgets also explain why small businesses 
seldom have an in-house IT specialist. This means that when it 
comes to learning the networking ropes—what to do if you forget 
your password, for example—pint-sized business staffs are on their 
own. Furthermore, without an IT specialist on hand to quiet 
network hiccups, small business owners are left to do so themselves 
or to wait for hired help. Hence, hiccups, such as downtime and 
data loss, detract owners’ attention from the business at hand and 
take a toll on the productivity of precious few employees. 
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With or without these distractions, keeping a small business afloat 


isn’t easy. In fact, recent statistics reveal that for nearly every 
small-firm fledgling there is a small-business fatality. According to 
the U.S. Small Business Administration, an estimated 572,900 new 
small businesses opened in 2003. That number is disturbingly close 
to the number of small businesses that closed in the same year: an 
estimated 554,800. (For more information, see 
http://app 1.sba.gov/faqs/faqindex.cfm?arealD=24. ) 

Small business, it seems, is risky business indeed. So how can 
one small business avoid joining the ranks of the half million others 
ikely to go belly up this year? 


THE SMELL OF SUITE SUCCESS 

aturally, no one can offer a single, simple answer to this question. 
In fact, Small Business Trends tracker David Patterson says no one 
can give you a real answer at all. “About the best [anyone] will be 
able to do is give you statistics,” says Patterson. While this might 
be true, people are always willing to hazard guesses. In this case, 


he myriad of possible guesses are as varied as the types of small 
businesses out there blooming in the shade cast by multinational 
enterprises. 

That said, you can safely assume at least this much: owners 
who want their small business to not only survive but also thrive 
should focus on their business—not on the technology that is 
supposed to facilitate that business. You can also assume, as small- 
business owners apparently do, that the technology running 
behind the scenes should not be just any technology: it should be 
the latest and greatest. City Business Journals Network found that 
61 percent of 658 small-business owners surveyed in 2003 believe 
that using the latest technology helps advance business. (For more 
information, see Purchasing Decisions referenced earlier.) 


Fortunately, for the estimated 6.9 million small businesses 


operating today within the United States alone (see Purchasing 
Decisions), industry-leading network technology is readily 
available in the form of Novell Small Business Suite 6.5. 


Released in February 2004, Novell Small Business Suite 6.5 is a 
collection of full-featured versions of several of Novell’s award- 
winning networking, collaboration, management and security 
products, including NetWare 6.5, GroupWise 6.51, ZENworks for 
Desktops 4.02 and BorderManager 3.8. (For more information 
about what these products are and what they do, see Sweets in the 
Suite on p. 44.) In addition, the suite features several third-party 
products, such as FatPipe Network’s FatPipe Internet 1.2 and the 
renowned open source Web and application servers, Apache 2.0.45 
and Tomcat 4.1.27. 

Perhaps more important than details about individual 
products and what they do for the suite, are details about the 
entire suite and what it does for you. Novell Small Business Suite 
6.5 meets your criteria for network software: it’s affordable, easy- 
to-use, reliable and secure software that simply does its job— 
leaving you to do yours. 


SMALL BUCKS FOR THE BOX 
If you’re not questioning the use of the word “affordable,” you 
should be because “affordable” is clearly a subjective term. (It’s also 
an abused term thrown about loosely in association with virtually 
every product in this industry.) So how affordable is Novell Small 
Business Suite 6.5? You decide. 

The “affordability” claim references at least these few points 
about Novell Small Business Suite 6.5: 


It is available for less than $500, and the Starter Pack is available 
for free (installation cost aside). 

It can scale to support double the number of users that earlier 
versions support. 

It includes more stuff. 


COST 
You purchase Novell Small Business Suite 6.5 in packs of five-user 
licenses. The first pack you purchase includes licenses that allow for 


as many as five servers on your network. Thereafter, each five-user 
license costs the same as the first five-user license pack: U.S. $475. 
If your business is new and you have five or fewer computer 
users, then even $475 might be more than you want to spend. So 
don’t. Instead, check with a Novell reseller, who can get you started 
with the Novell Small Business Starter Pack for free—almost. The 
Starter Pack itself will cost you nothing; you pay only for the 
installation and hardware. (For more information, see 
www.novell.com/products/smallbiz/nsbs_starterpack/.) 
The Starter Pack includes everything that the full-fledged suite 
includes and comes in packs for either three or five users. Each 
pack allows for as many as two servers on your network. The 


important difference between the Starter Pack and the regular suite 
is that your buck (or lack thereof) stops at three or five users: if you 
want to grow beyond that number, you can purchase an Expansion 
Pack (U.S. $950), which unlocks this user limit and adds an 
(For 
www.novell.com/products/smallbiz/nsbs_expansionpack/pricing. html.) 


additional five user licenses. more information, see 


SCALABILITY 

The exciting news about this version of Novell Small Business Suite 
is how many of these five-user license packs you can purchase 
before you outgrow your small business suite. Prior to version 6.5, 
the Novell Small Business Suite enabled you to continue adding 
licenses for up to 50 users. With the 6.5 suite, Novell ups the ante 
from 50 to 100 user licenses. 

Why? To “provide a solution that is truly for small business,” 
says Novell product manager Troy Wilde. Wilde explains that 
analysts at research firms such as IDC and Gartner now define small 
businesses as firms with 100 or fewer employees. You should check 
out the scalability of some of the other network software you 
might be considering. You'll find that the Novell suite alone scales 
to 100 users. The others apparently consider small business to be 
smaller than analysts typically define: you'll have to kiss them 
goodbye between 50 and 75 users. 
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The other good news about the 6.5 suite is its licensing model. 
Novell Small Business Suite 6.5 uses a User Access License model, 
rather than variations on the concurrent user access licensing model 
used with previous versions. While the names of these licensing 
models might not clue you in, this change works in your favor. 

With the Concurrent User Access model in version 6.0, the 
number of licenses you purchase represents the maximum number 
of concurrent users on a network server, which might or might not 
equal the number of employees you have. If one user logs in to a 
server from four different workstations, this user consumes four 
licenses. The licenses are released to other users when this user logs 
out. In versions of the suite earlier than 6.0, printers and other 
similar network resources also consume user licenses. 

The User Access License model makes things a little easier. For 
one thing, printers and other network resources don’t consume 
user licenses. For another thing, the number of licenses you 
purchase should simply equal the number of employees you have. 
The number of licenses you purchase represents the number of 
users that can access the network, period. Hence, one user can 
access the network at any time from as many workstations as she 
wants at a cost of only one license. Perhaps most important, this 
model is identical to the NetWare 6.5 model, which means that if 
you outgrow the 100-user cap, you can transition without a 
licensing hitch to NetWare 6.5. 


MORE GOODS FOR GREATER PRODUCTIVITY 
The heart and soul of Novell Small Business Suite 6.5, NetWare 6.5 
also supports the affordability claim by helping to pack more stuff 
into this suite than earlier versions. (For more information, see 
Sweets in the Suite on p. 44.) For example, NetWare 6.5 includes 
Virtual Office, an out-of-the-box portal that is usable immediately 
after installing Novell Small Business Suite 6.5, depending on your 
installation selections. (For more information, see Little Effort, Little 
Time: The Big Easy Install on p. 41.) 

Virtual Office includes several ready-to-go gadgets that enable 
users to access most of what they need to do their jobs from 
anywhere with a Web browser and an Internet connection. To open 
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the door to their productivity tools, users simply type in your 


Virtual Office URL, which 
www.yourcompanyname.com. (See Figure 1.) From the Virtual 
Office home page, users can access their files (via Novell iFolder), 
corporate white pages (via Novell eGuide), your printers (via Novell 
iPrint) and their e-mail (via GroupWise WebAccess). 

Virtual Office also includes self-help features that help you 
to help employees help themselves. For example, using the 
Password Self-Service feature, users can change their own 
eDirectory passwords (that is, the password they use to access 
your network). When you're running a big business, password 
problems are a hassle for help desks, accounting for roughly 30 
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percent of all calls. When you're running a small business, 


password problems are a hassle for you because you don’t have 
a help desk. Offloading the task of managing passwords squarely 
onto employees’ shoulders enables you to focus on your job and 
encourages employees to get back to theirs. 

Like Password Self-Service, iFolder encourages employees to get 
to work, enabling them to do so from virtually anywhere and 
potentially increasing their productivity. Equally (or more) 
important, iFolder offers you the assurance of always-available data. 
iFolder stores users’ files on the hard disk drives of their Windows 
workstations (laptops or desktops) and also on an iFolder server, 
which users can access (with proper credentials) from the Web. 
When users access iFolder from home or some other remote location, 
the changes they make to their files will be stored on the iFolder 
server. The next time these users access their files from a system 
running the iFolder client, iFolder automatically synchronizes the 
changes they last made with the files on the current system. 

What this means to small business is easy file protection. Even 
under dire circumstances, such as a laptop theft or hard disk failure, 
users’ data—which, in many cases, is the lifeblood of your 
business—is always current, available and safe with iFolder. 
Furthermore, users don’t have to do anything fancy to protect their 
data. They simply open and save their files in the folder structure 
designated in iFolder, and iFolder takes care of the rest. 


LITTLE EFFORT, LITTLE TIME: THE BIG EASY INSTALL 

Of course, before users can enjoy the suite’s easy-to-use products, 
you have to get it up and running. Novell Small Business Suite 6.5 
includes two new pattern deployment options and several new 
wizards that simplify this task. 

To get started, you insert the Novell Small Business Suite 6.5 
CD and follow the on-screen prompts. Among other things, the 
prompts ask you to select a language, accept the licensing 
agreement and choose either the default or manual installation. 

Assuming you choose the default installation, the installation 
program automatically detects drives and creates an 8 GB sys: 
volume, where it copies Novell Small Business Suite 6.5 and 


NetWare 6.5 system files. When the file copy is complete, the 
Choose a Pattern page displays. From this screen, you choose to 
install a customized, basic or pre-migration NetWare server. You 
also choose to install one of seventeen preconfigured servers, two 
of which are unique to Novell Small Business Suite 6.5: 


1 Novell Small Business Collaboration Server with 
Virtual Office (recommended) 
2 Novell Small Business Collaboration Server 


If you want a complete collaboration solution, select the Novell 
Small Business Collaboration Server with Virtual Office. As you 
probably can guess from the name, by selecting this option, you 
install—with the click of your mouse—all of the components 
required to set up and manage a Novell Small Business server plus 
all of the components for GroupWise and Virtual Office. Selecting 
the Novell Small Business Collaboration Server option installs the 
same components without the Virtual Office bits. 


MANAGE YOUR TREE FROM WHEREVER YOU ARE 
If you select one of these two preconfigured server patterns, then 
after installation you can use the Small Business Setup Role in 
Novell iManager to complete network setup. (See Figure 2.) 
iManager is a Web-based management console that simplifies 
access to and management of your eDirectory tree. With a browser 
and a wired or wireless Internet connection and the necessary rights, 
you can perform any management task using iManager that you can 
perform using ConsoleOne (with the exception of reporting). To list 
only a few examples, you can use iManager to do the following: 


Create, delete and modify dynamic and static groups 

Create, copy, move, rename, delete and modify eDirectory objects 
Create new user accounts, clear lockouts and reset passwords 
Modify trustees, inherited rights filters and trustees’ rights 

to other objects 

Launch NetWare Remote Manager (NRM, pronounced “Norm”) 
to manage server resources 
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You also can run several of the traditional eDirectory utilities, 
including DSREPAIR and DSMERGE. You can even complete a few 
management tasks using a handheld device (with an Internet 
connection). (For more information about iManager, see “Keeping 
eDirectory Management Simple,” Novell Connection, July 2002. You 
can download this article from www.novell.com/connection 
magazine/2002/07/iMan72. pdf.) 


CONFIGURATION WIZARDRY 

The Small Business Setup Role in iManager enables you to complete 
the setup of key network services in significantly less time than it 
would otherwise take. Under the Small Business Setup Role, you 
click to launch any of five configuration wizards, named according 
to the task they help you complete: 


Assuming you have selected one of the preconfigured small business 
server options, you can use the Small Business Setup Role in Novell 
iManager to simplify and accelerate the setup of key network services, 
including e-mail, printing, DNS, DHCP and Internet connectivity. 
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Setup In et 
setup ons How the Tasks Work 
f Set Up Groupwise end Messenger ‘Most of the tasks run from a browser at the workstation and modify the configuration of your server. If you have 
I Peete multiple servers, make sure the browser URL refers to the server you want to be modified 
i seas. 
[see | Two different kinds of tasks are inctuded: run once and run muttipte, 
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aa i DHCP, and GroupWise. The run-once tasks show you an overview of what you need, ask for settings, and show you 


8 summary of what will be configured, When yau click Finish, the existing configuration is removed and replaced 
yy UDDL Publish & User Access. | with the new configuration you specified. The run-once tasks are denoted with the task prefix of ‘Set Up." 
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SET UP INTERNET Connectivity This wizard helps you configure the 
external network interface to telephone dial-up, Digital 
Subscriber Line (DSL), cable modem and Integrated Service 
Digital Network (ISDN) connections to the Internet. 


set up pns This wizard simplifies setup of the Domain Name 
System (DNS), a distributed database system that provides 
hostname-to-IP resource mapping (usually mapping hostnames 
to their IP addresses). 


seT up pucp This wizard simplifies setup of the Dynamic Host 
Configuration Protocol (DHCP), which automates the assignment 
of IP addresses on your network. 


SET UP GROUPWISE AND MESSENGER This wizard installs the GroupWise 
Messenger 6.5 instant messaging program, assuming that you 
click the box indicating that you want it to do so. As its name 
suggests, this wizard also automates much of the GroupWise 
setup, assuming that you install a new GroupWise system on a 
single server. (See Figure 3.) 


For example, you can choose to allow the wizard to auto- 
matically create GroupWise users and groups based on existing 
eDirectory accounts. In addition to speeding account creation, 
this option offers users the convenience of using the same 
password to access both the network (via eDirectory) and their 
GroupWise inbox. 


MANAGE PrinTERS This wizard enables you to add, modify, delete 
and install printers or create a custom map of printer locations. 


By using the wizards (after selecting a preconfigured server 
option), you seriously slash the amount of time and effort required 
to get your network services up and running. For example, Wilde 


estimates that by selecting a preconfigured small business server 


option and using the iManager GroupWise wizard, you transform 
an hour-long chore into a 15-minute task. 


LIKE NETWARE 6.5, GROUPWISE 6.5 LAYS CLAIM TO RELIABILITY. 


HIGH AVAILABILITY AND MAXIMUM SECURITY 

In addition to the affordability and ease-of-use issues that concern 
you when it comes to shopping for network software, you also 
turn a keen eye to areas of security and reliability. You're not 
alone: businesses of all sizes rank reliability and security near or at 
the top of their network software selection criteria. 

Novell Small Business Suite 6.5 earns the right to flaunt 
reliability and security adjectives for several reasons. One reason is 
that the suite includes Novell Cluster Services 1.7 and Novell 
BorderManager 3.8. These two products are designed specifically 
to ensure high availability of network resources and to secure 
access into and out of your network, respectively. (For more 
information, see Sweets in the Suite on p. 44.) 

Novell also earns the right to tout Novell Small Business Suite 
6.5 as reliable and secure because of the suite’s core products: 
NetWare 6.5 and GroupWise 6.5 have long-established reputations 
for being reliable and secure. (For more information, see the 
Novell Small Business Suite 6.5 white paper. You can view this 
paper at www.novell.com/collateral/4621394/462 1394. pdf.) 

In the April/May 2004 issue of Law Office Computing, attorney 
Jonathan Franklin and IT director Mark A. Akins allude to 
NetWare’s reputation in their review of NetWare 6.5. They launch 
their review by stating that Novell “continues to produce one of 
the best server products out there,” and adding that “NetWare is 
not only robust, but, more importantly [sic], it’s stable.” (You can 
view this article at www. becker-poliakoff.com/publications/article_ 
archive/pdf/akins_netware_review.pdf.) Their final verdict is that 
“firms that understand security, reliability and stability will want 
to look at [NetWare 6.5].” 

In terms of NetWare 6.5 security, you needn’t look further 
than the CERT Coordination Center (CERT/CC), a major reporting 
center for Internet security problems. In the 16 years that 
CERT/CC has been issuing advisories, it has issued only one 
NetWare-specific advisory. (Just as a point of comparison, in 2003 
alone, CERT/CC issued 12 advisories—out of a total of 28—to 
Microsoft products.) (For 
www.cert.org/advisories. ) 


more information, see 


Like NetWare 6.5, GroupWise 6.5 lays claim to reliability. However, 
its real claim to fame is its inherent security. For example, 
GroupWise is less vulnerable than its competitors to virus attacks, 
a point indirectly (and unintentionally) supported by Sophos, a 
leading provider of anti-spam and anti-virus software. 

At the end of each month and year, Sophos publishes a list of 
the top ten viruses. In 2003, the list included the infamous Sobig- 
F. Blaster-A and Nachi-A viruses, which together with the seven 
other viruses on the list caused billions of dollars worth of damage. 
Check out the 2003 list (or any of the lists published thus far this 
year). When you see the 2003 list, click the links to the 
explanations of each virus, and you'll find that the viruses were 
spread through Microsoft Outlook and Microsoft Exchange. (Go to 
www.sophos.com/virusinfo/topten/200312summary.html, 
for example.) 


By choosing either one of the two preconfigured 
small business server options during installation and 
using the iManager GroupWise wizard, you transform 
an hour-long chore into a 15-minute task. 
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sa Set Up GroupWise and Messenger 


[ifs] GroupWise and Messenger System Configuration 


Provide information about the location where your GroupWise system will be set up. The volume for domain and 
post office files is where the user e-mail messages and attachments will be stored. it typically requires a large 
‘amount of disk space. The volume must be mounted. The GroupWise agent software will be installed to sys:\system 
on the server. 
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eDirectory admin name fadmin sprtz 
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itbox forwarding (POP Forwarding Agent) 


FIGURE 3 
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Businesses running GroupWise throughout their enterprise were 
protected from these viruses, which is not a small matter, particularly 
to small businesses. Viruses can disable operating systems, leaving 
some or all of your already limited number of systems unusable. When 
systems are unusable, your business stalls, and you might lose sales. 
Even viruses that produce only irritating results (like a clicking noise 
every time you press a key) have to be dealt with eventually. With 
GroupWise, you are spared the hassle and cost of dealing with viruses. 


BE NICE TO THE LITTLE GUYS 

You've read the support for claims about the affordability, ease-of- 
use, reliability and security of Novell Small Business Suite 6.5. That 
leaves at least one area thus far untapped that you probably still 


Sweets in the Suite 


Novell Small Business Suite 6.5 includes several 
software tools that together offer secure network 
storage and access, advanced collaboration, 
remote workstation management and a variety 
of Internet capabilities. 


NETWARE 6.5 SUPPORT PACK 1 (SP1) 

NetWare 6.5 SP1 is a network foundation with lots of frills. (For 
information about some of the frills, see the list below of products 
included with NetWare 6.5 SP1.) 

Landing the top slot for network operating systems in the 2004 CRN 
Channel Champions Survey, NetWare 6.5 enables secure and unfailing 
access to your network and information resources, including network and 
server directories, files, printers, e-mail and application servers and 
databases. Furthermore, NetWare 6.5 enables users to access these and 
other resources not only from any network workstation, which you would 
expect, but also from any laptop or desktop equipped with a Web browser 
and an Internet connection. Whether users access network resources from 
home, a hotel, or a client’s or partner's locale, NetWare 6.5 tools secure 
the communications exchange. (For more information about NetWare 6.5; 
see www.novell.com/products/netware/.) For articles on NetWare 6.5 see 


http://www. novell. com/connectionmagazine/netwarepillars. htm.) 
NETWARE 6.5 SP1 INCLUDES THE FOLLOWING PRODUCTS: 


m@ NOVELL EDIRECTORY 8.7.1 


Novell eDirectory is a high-end directory service that offers a way for 
you to consolidate otherwise scattered information, providing a 
central location for storing user identity and network resource 
information. Consolidated identity and resource information is easier 
to manage. For example, with eDirectory, you can enter, store and 
manage identity information for all types of users—employees, 
customers and partners—and then control with precision their access 
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want to hear about: support for line-of-business applications. 
Novell Small Business Suite 6.5 supports many LOB 
applications that are essential for the day-to-day operation of small 
businesses worldwide. Novell Small Business Suite 6.5 supports 
industry-leading applications in the law industry, leading database 
vendor software and all of the applications that build to these 
databases, and software for verticals ranging from manufacturing 
to mortgage banking. To view a list of supported applications, go to 
the Novell partner solutions site at www.novell.com/coolsolutions/ 


smallbiz/partner_solutions. html. 

Also, in March, Novell introduced the Novell Small Business 
Suite 6.5 Application Partner Portal. With a valid Novell Small 
Business Suite 6.5 or Expansion Pack product serial number, you 


to network resources based on their role in or relationship to your 
organization. (For more information, see 
www.novell.com/products/edirectory.) 


DIRXML 1.1A STARTER PACK 
If you've already got some form of a network up and running, odds are 
that you've got a mix of operating systems. DirXML Starter Pack helps 
you better manage (to better secure) data and passwords across that mix. 
DirXML Starter Pack is a collection of DirXML 1.1a components 
that enable you to share data and synchronize passwords between 
three directories that commonly co-exist on today’s networks: 
eDirectory, Microsoft Active Directory and Microsoft Windows NT 
Domains. (For more information, see Your First Steps to Data-Sharing 
and Syncing, in the May/June 2003 issue of the magazine. You can 
download this article from www.novell.com/connectionmagazine/ 
2003/06/tech_talk_2.html.) 
NTERPRISE BRANCH OFFICE 1.0.2 
You might be small, but if your business is like a growing number of 
other small businesses, you have a branch office. Nterprise Branch Office 
offers uninterrupted access to file and print services for users who are 
visiting or are permanently stationed in a branch office, whether the 
lines you use to reach those offices are up or down. Additionally, 
Nterprise Branch Office automatically provisions access to network 
resources, reduces directory overhead and enables daily backups of 
branch office user data, reducing (if not eliminating) the cost and pain 
of providing, provisioning and managing network access at the fringe. 
(For more information, see Nterprise Branch Office in the Jan/Feb 2003 
issue of the magazine. You can download this article from 
www.novell.com/connectionmagazine/2003/02/ tech_talk_1.html.) 
NOVELL CLUSTER SERVICES 1.7 (with support for a two-node cluster) 
Novell Small Business Suite 6.5 enables you to create a two-node 
cluster to ensure the high availability of critical network resources, 
including connection licenses, data volumes, network services and 


applications. To do so, you load the Novell Cluster Services software 


FOR MORE INFORMATION ABOUT SMALL BUSINESS SUITE 6.5 
http://www.novell.com/products/smallbiz/ 


can advance through the portal, through which Novell partners 
offer exclusive discounts on their products. (For example, at the 
time this article was written, Grouplink was offering its GroupWise- 
supported ContactWise CRM product at a 10 percent discount, and 
Virus Buster was offering its Network Security Bundle more than 
20 percent off.) Other partners, including ACCPAC, Beginfinite, 
NovaSTOR, Omni and Tobit, were also offering exclusive deals to 


Novell Small Business Suite 6.5 customers. 


These partners and Novell itself have the same goal in mind: to 
serve the small business constituency. This point did not escape the 
notice of Small Business Television Network (SBTV) reporter Jorge 
Riopedre when he interviewed Wilde at this year’s Small Business 
Administration (SBA) Expo in Orlando, Florida. At the close of the 
televised interview, Riopedre concluded that it “sounds like Novell 
is trying to be very friendly to small businesses.” “Absolutely,” 
Wilde confirmed. N 


on two servers (the nodes), which then function essentially like a 
single system (the cluster). This cluster ensures uninterrupted access 
to resources through failovers, which occur when one node goes 
down and the other takes over, continuing to provide the failed 
node’s resources. The failover is seamless: users will not notice that 
anything has occurred. (For more information, see Keep the Server 
Side Up and the SAN Side Simple in the June 2001 issue of the 
magazine. You can download this article from www.novell.com/ 
connectionmagazine/2001 /06/cluster61.pdf.) 

a VIRTUAL OFFICE 1.0 
Virtual Office is a ready-to-go portal that comes with several 
preconfigured gadgets for various products, including Novell iFolder, 
Novell iPrint, Novell eGuide and GroupWise WebAccess. Out of the 
box, Virtual Office enables users to access via the Web their files and 
e-mail, your printers and company news and white pages. From the 
Virtual Office Web site, users also can change their own passwords. 


After you install and set up Novell Small Business Suite 6.5, Virtual 
Office is immediately usable. (For more information, see Free to Move 
in the Jan/Feb 2004 issue of the magazine. You can download this 
article from www.novell.com/connectionmagazine/2004/01/ 
tech_talk_1.html.) 


GROUPWISE 6.51 SP 1A 

Novell GroupWise expands the scope of where and how collaboration 
takes place, offering a broad feature set that includes integrated e-mail, 
instant messaging and scheduling, as well as task, contact and document 
management. You won't have to train anyone to use GroupWise, which 
works with most e-mail clients—traditional, Web-based and wireless —so 
users can use the client and the device they choose. Users can access 
their e-mail from desktops, laptops, Internet kiosks, cell phones and 
handheld devices. Equally if not more important, GroupWise ensures 


secure, authenticated communications (via e-mail and instant messaging) 
by tightly integrating with leading anti-virus and anti-spam solutions. (For 
more information, see First Look: GroupWise 6.5 in the Jan/Feb 2003 


issue of the magazine. You can download this article from 
www.novell.com/connectionmagazine/2003/02/tech_talk_2.html.) 


ZENWORKS FOR DESKTOPS 4.02 

ZENworks for Desktops reduces desktop management costs and 
potentially increases user productivity. Without requiring specialized client 
software on the workstation, ZENworks for Desktops enables you to 
distribute, configure, update and troubleshoot desktop and laptop 
software across your network —and over the Internet. (For more 
information, see www.novell.com/products/zenworks. Also see Managing 
Pure Windows Desktop Environments in the May/June 2003 issue of the 
magazine. You can download this article from 
www.novell.com/connectionmagazine/2003/06/tech_talk_1.html.) 


NOVELL BORDERMANAGER 3.8 

Through its tight integration with eDirectory, BorderManager enables you to 
control users’ access into and out of your network via the Internet based on 
their role in or relationship to your organization. BorderManager includes 
Network Address Translation (NAT) and ICSA Labs-certified firewall services, 
which provide packet filtering and basic reverse proxy services. 

BorderManager also offers forward proxies for several Internet 
protocols, including HTTP, FTP, Mail, News, Telnet and DNS. Forward 
proxies sit between your users and the Internet to retrieve requested 
content (such as Web pages) on behalf of the users, so that users never 
access the Internet directly. 

BorderManager also features new virtual private network (VPN) 
services, which enable you to provide remote offices or individual users 
with private and secure access to your network over a public network 
(such as the Internet). VPNs offer benefits comparable to the benefits of 
owned or leased lines without the prohibitive expense of these lines. (For 
more information, see Opening Up and Tying Down Remote Access 
Security in the Nov/Dec 2003 issue of the magazine. You can download 
this article from www.novell.com/connectionmagazine/2003/12/ 
tech_talk_2.html.) 
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} 


Y NOW, SURELY ALL READERS OF NOVELL 
Connection have heard of Linux and know it as an operating system 
of the future. Novell is playing a key role in the proliferation of Linux, 
the open source operating system, and the time is right to do so. 

When the word Linux comes up in a conversation, all too often 
it is accompanied by questions about just what you can do with it. 
While this may have been a valid question five or more years ago, 
a much better question for today is, “What is there that you cannot 
do with it?” 

As the operating system has matured, the number of offerings 
for it has expanded exponentially. There are word processors, 
HTML editors, fax applications, CD players and the list goes on and 
on. It is now safe to say that there are very few niches where 
applications are available for other operating systems and not also 
available for Linux. 

The following compilation is a shortened version of what you 
can find on the Web site at www. novell.com/connection magazine. 
This was created for two purposes: 1. to illustrate the vast number 
of possibilities that exist with the operating system, and 2. to offer 
enough information (contact/Web/etc.) to allow you to further 
research items that you think can benefit your organization. Space 
restrictions prevent this list from being 100 percent complete, but 
every attempt has been made to focus on those items of most 
meaning to administrators. In condensing and choosing which 
items to focus on, I am certain that something has fallen through 
the cracks and overlooked; if you know of such an application that 
you can’t live without, please let us know and it will be included in 
any future updates on the Novell Connection magazine Web site. 
Lastly, | would be remiss in not paying a great deal of gratitude to 
Linux Online (linux.org) for providing a blueprint for the various 
categories and descriptions, including licensing models, used in this 
compilation. 


WHAT TYPE OF LINUX APPLICATIONS ARE THERE? 

The number of applications available for the Linux operating 
system is nothing short of staggering. For the sake of space, the 
applications here have been divided into five categories that may 
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be of the most interest to system administrators: Administration, 
Communication, Development, Networking, and Office. 

Within each of those five categories, I’ve listed only my own 
favorites—a much more complete list can be found in the version 
of this article posted on the Web site. Again, a debt of gratitude is 
owed to Linux.org for some of the descriptions and information on 
licensing; I highly suggest you make this site a regular stop in your 
browsing journeys. 


ADMINISTRATION 
As a system administrator, the tools that fall beneath this category 
can make or break you. If you have a good system backup when the 
server fails and can restore the data quickly, you're a hero. If you 
can’t do that, you may find yourself trying to get those copies of 
your resume off of the printer before others notice them. 

This provides a convenient segue into the first of five 
administration subcategories: that of backup applications. 


The BRU backup and recovery program offers a 


simple interface to common data backup functions. 


| | |CRU_Linux-2.4.6 install tar 
||CRU_Linux-OBDR-2.4.6 tar ae 


| /UceNse || | 
| |instateru | | 
| |imt-st-0.7-3,386 rom | i 
|| Ade i 
1] ZL 4! 
| 
| 4 
| 

| 

| 


pre |mt-st-0.7-6 i386 rpm 
|)x86-linux-glibe2.1-17.0.tar 
ixbruf 
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BACKUP 


PRODUCT 
AFBackup-Manager 


AMANDA 

Arkeia 

BRU 

CDTARchive or CDTAR 

Crash Recovery Kit for Linux 
DAR - Disk Archive 

KDar - the KDE Disk archiver 
NovaNET 8.5 

Oracle Backup 


SimpleBackup 


Storix Backup Administrator 


for Linux 


LOG TOOLS 


apachedb 
AWStats 


Cascade Historian 


DESCRIPTION 
A Webmin module for easy administration of 


backup tasks. 


Advanced Maryland Automatic Network Disk Archiver Free to use but 


Enterprise-class network backup for Linux and 


Unix networks. 


A backup solution for Linux and UNIX. 

Graphical Backup program for Linux 

A crash recovery kit for Linux 

Full and differential backup over several disks, 
compression, and other features 

Disk-based archiving and backup GUI for KDE 
based on libdar. 

Tape backup for single server. Upgrade to network, 
plus stacker available. 

An easy-to-use backup and restore utility 

for Oracle databases. 

A simple, flexible and very portable directory 
backup program. 

Full featured Linux backup product with complete 


and flexible system recovery. 


Logs Apache transfers into a mysql database. 


Free GNU log file analyzer for advanced web statistics. GPL 


Real-time data storage and query. 


Cascade Textlogger 


FTPWebLog 


Logs real-time data as ASCII text. 


An integrated WWW and FTP log reporting tool. 


Funnel Web Analyzer Enterprise A large-scale Web server log analysis tool. 


LICENSE SITE 


Commercial http://www.sourcepole.ch/sources/software/afbackup_manager.wbm/ 


http://www.amanda.org/ 
restricted 

Free for Arkeia http://www. arkeia.com/ 
Light or Commercial 


for full version 


Proprietary http://www.tolisgroup.com/ (See Figure 1.) 

GPL http://cdtar.sourceforge.net/ 

GPL http://crashrecovery.org/ 

GPL http://dar.linux.free. fr/ 

GPL http://kdar.sourceforge.net/ 

Commercial http://www.novastor.com/ 

Shareware http://www. kiesoft.com/ 

GPL http://migas.mine.nu//index.php ?pag=en.myapps&subpag=simplebackup 
Commercial http://www. storix.com/ 

GPL http://sourceforge.net/projects/apachedb/ 


http://awstats.sourceforge.net/ 
Free for non- http://www.cogent.ca/index. html ?http://www.cogent.ca/ 


commercial use — Software/Historian.html 


Free for non- http://www. cogent.ca/index.html http://www. cogent.ca/ 


commercial use — Software/TextLogger.html 


Freeware http://www. nihongo.org/snowhare/utilities/ftpweblog/ 


Commercial http://www. funnelwebcentral.com/ 
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LOG TOOLS conrmueo 


PRODUCT 
http-analyze 


DESCRIPTION 


Log analyzer for Web servers 


LICENSE 
Free for personal 


(non-commercial) 


SITE 
http://www. http-analyze.org/ 


Lire 


Automatically generate reports from various log files. 


LogDog 


A tool that monitors messages passing through 


syslogd and takes action based on key words. 


GPL 
GPL 


http://www. logreport.org/ 
http://caspian.dotconf net/menu/Software/LogDog/ 


logrep 


A logfile extraction and reporting system. 


GPL 


http://logrep.sourceforge.net/ 


NetTracker 


A Web site log file analyzer. 


Proprietary 


http://www.sane.com/ 


packet2sql 


Pulls packet logs out of log files and 


converts them to SQL. 


GPL 


Squij 


Squid logfile analyzer. 


GPL 


http://sourceforge.net/projects/packet2sql/ 


http://www.mnot.net/squij/ 


Tcpdstats 


tcpd log analyzer. 


Visitors 


A fast Web log analyzer. 


Webalizer 


Freeware 


http://kaostech.com/ 


GPL 


Web server log analysis program. 


GPL 


Weblogmon 


Web server users and usage monitoring program. 


GPL 


MONITORING TOOLS 


Array-util 


Utility to monitor Compaq Smartarray controllers. 


GPL 


http://www. hping.org/visitors/ 


http://www. mrunix.net/webalizer/ 


http://weblogmon.sourceforge.net/ 


http://starbreeze.knoware.nl/~hugo/array-util/ 


Big Brother 


Highly efficient network monitor. 


BrightQ 


Commercial 


http://quest.com/bigbrother/ 


A printer monitoring and configuration frontend. 


Commercial 


http://www.codehost.com/ (See Figure 2.) 


Checkservice 


A service checker for multiple (remote) hosts. 


Ethereal 


GUI network protocol analyzer. 


Event Monitor Project 


Monitoring tool for heterogeneous networks 


and systems based on message passing. 


GPL 
GPL 
GPL 


http://www. linvision.com/checkservice/ 
http://www. ethereal.com/ 


http://www.jmcresearch.com/projects/eventmonitor/ 


Fidelia Helix 


Low cost fault and performance monitoring 


of servers, networks, applications. 


Fidelia NetVigil 


Scalable distributed real-time monitoring software. 


FileTraq 


Commercial 


Commercial 


A system file monitor. 


GPL 


http://www. fidelia.com/helix/ 


http://www. fidelia.com/products/ 
http://filetraq.xidus.net/ 


The BrightQ frontend provides a common graphical 


(as well as command line) interface for the print spoolers. 


K moodss! arp, 
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Fitto Page Prompt User 


Levels of Gray Printer’s Current Setting 


Pages per Sheet 1 Portrait) 
Print Watermark A All Pages ~ First Page Oniy 
Resolution Enhancement v Of “On 
Scale Patterns On 
Watermark None 
Bis fit ceftahaNibRSEEEE es eae Meee 
Watermark Angle 45 Degrees 
Watermark Font ‘Heivetica Bold 
Watermark Size 46 Points 


File Print Printer 
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Moodss is a graphical monitoring application that creates 
dashboards to offer a quick view of what is happening. 


ustits, diskstats, mounts, netdov, route, track Mila (every 20 Seconds) 
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FIGURE 2 
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FIGURE 3 


NETATALK IS FREE AND CAN BE DOWNLOADED AT 
http://netatalk.sourceforge.net 


Linux Integration 


As an administrator, your primary concern is with 
getting data where it needs to be when it needs 
to be there. The fact that users are using 
Windows or Linux or Macs is of little relevance 
on a daily basis as long as everyone can do the 
job they need to do. Your headaches come when 
the interaction that should be there isn’t. 


Thankfully, in today’s networking environment integration is mostly 
a matter of understanding the options and knowing what can be done. 
There are four ways to establish integration with Linux. The first is to 
do everything you can to sidestep the issue and get the results you 
need without committing all the way. The second is to integrate the 
Linux hosts with the world of Windows, and the third is to integrate 
with NetWare. For those who don’t fall into either category, the fourth 
approach is to integrate Linux with Macs. 

A number of solutions exist to provide interaction, but not 
necessarily integration. One such solution is VMware from VMware, Inc. 
This software is available in both a workstation and server version. 
Essentially, what it does is allow you to run virtual sessions of multiple 
operating systems at the same time on the same machine(s). In so 
doing, you can run Windows at the same time you are running Linux 
and access the files that each need in order to be able to work within 
separate environments. Information on VMware can be found at 
www.vmware.com, with the features for workstation at 
www.vmware.com/products/desktop/ws_features.htm! and the 
specifications (detailing what operating systems it can run) at: 
www.vmware.com/products/desktop/ws_specs.html!. The advantage to 
this solution is that it allows you to run many different operating 
systems and it can be a solution when migrating to Linux. An 
alternative to this is Win4Lin from NeTraverse (www.netraverse.com/). 

One of the most common heterogeneous network environments 
currently in existence is that of Linux/Unix and Windows. The 
“Windows” can be in the form of workstations (9x, NT, XP, etc.) or 
servers (NT/2000/2003). Regardless of the type of Windows used, the 
needs are the same (file sharing and printing) and the solutions are 
essentially the same: Samba or Services for Unix. Samba allows a Linux 
host to act as a file and print server for the Windows (and OS/2) world. 
It is made freely available under the GNU General Public License and 
can be found at: www.samba.org/. 


Services for Unix is Microsoft’s answer to Samba. Originally available for 
a fee, it became free recently with the release of version 3.5. More 
information, as well as download links can be found at 

www. microsoft.com/windows/sfu/default.asp. 

Older NetWare implementations (those that you are likely to have 
around only for legacy purposes) below version 4.0 used a bindery as 
their primary file system. Integration with these servers is possible with 
MARSnwe—the MARS NetWare emulator. This allows the Linux host to 
act as an IPX router and run most utilities. There are a large number of 
solutions for integration between newer versions of NetWare and Linux. 
Go to www.novell.com/linux/ for up-to-the-minute information on 
migrating to Linux, and using Nterprise Linux Services for integration. 
Downloads of available solutions can be found at 
www.novell.com/linux/download_linux.html. 

The solution needed to communicate between MacOS clients and 
Linux is Netatalk. This software suite allows the Linux host to act as a 
file/print server for AppleTalk clients. It accomplishes this by running 
three daemons: atalkd (the network manager), afpd (the filing 
protocol), and papd (the printing protocol). Like Samba, Netatalk is 
free, and released under the GNU General Public License. It can be 
found and downloaded from http://netatalk.sourceforge. net. 


The Win4Lin product offers you a simplified configuration 
menu easing migration from Windows to Linux. 
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MONITORING TOOLS CONTINUED 


PRODUCT DESCRIPTION LICENSE SITE 
fprobe A NetFlow probe. GPL http://fprobe.sourceforge.net/ 
HostGuardian Server, port, process, router, and Commercial http://hostguardian.com/ 

bandwidth monitoring. 
imapbiff New mail notifier for IMAP accounts. GPL http://bulldog. tzo.org/imapbiff/imapbiff. html 
InfoWatcher A system and log monitoring program. Free for non- http://www. protech-eng-svcs.com/ 

commercial use 

10G A network I/O byte grapher made to track Artistic License http: //www.dynw.com/iog/ 

KB/MB/GB totals for hours, days and months. 
iplog TCP, UDP and ICMP logging utilities for Linux. GPL http://ojnk.sourceforge.net/ 
ippl IP Protocols Logger. GPL http://pltplp.net/ippl/ 
IPTraf An ncurses-based IP LAN monitor. GPL http://cebu.mozcom.com/riker/iptraf/ 
JEXN Allows you to receive instant exception stack GPL http://sijpkes.20m.com/jexn/ 

traces in your email if your software crashes. 
Linux Kernel A kernel patch to incorporate metering GPL http://oss.sgi.com/projects/lockmeter/ 
Spinlock Metering of spinlock-usage. 
Loadmeter System monitoring app for X11 that displays GP http://www. cactii.net/~bb/linux/ 

stats and information. 
meminfo Report memory and swap information. GPL http://meminfo.seva.net/ 
MIDAS-NMS A Network Monitoring and intrusion detection server. MIT http://midas-nms.sourceforge.net/ 
mon Highly configurable service monitoring daemon. GPL http://www. kernel.org/software/mon/ 
moodss Modular Object Oriented Dynamic Spreadsheet. GPL http://moodss.sourceforge.net/ (See Figure 3.) 
mpstat Helps monitoring SMP machines. GPL moved to http://home.earthlink.net/~joseph-ja/ 
Mrtg Multi Router Traffic Grapher. GPL http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html 
mtr Network diagnostic tool. GPL http://www. bitwizard.nl/mtr/ 
NEBULA Hot-spot polling, autodiscovery, basic PM and more. _ Proprietary http://www.linmor.com/ (See Figure 4.) 
NetSaint A relatively simple active network monitor. GPL http://www.netsaint.org/ (See Figure 5.) 
Netwatch Ethernet Monitor. GPL http://www.sictech.org/~mackay/netwatch. htm! 
Network Packet Capture A set of Java classes that provide an interface Mozilla Public http://jpcap.sourceforge.net/ 


Facility for Java 


License (MPL) 


Nebula lets you drill down with graphical reports 
to visualize historical data and spot trends. 
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FIGURE 4 


NetSaint has the ability to e-mail or page you when a 
problem on your network arises and when it gets resolved. 


FIGURE 5 


PRODUCT DESCRIPTION LICENSE SITE 

Perro A set of daemons that log TCP/UDP/ICMP packets. GPL http://www. grigna.com/diego/linux/perro/ 

phasi (PHP Another Another tool for system info written in PHP. GPL http://www. technojuice.net/phasi/index.html 

System Info) 

PIKT (Problem Informant/ An innovative new systems administration paradigm. GPL http://pikt.org/ 

Killer Tool) 

pmem Small utility to display memory usage of programs. GPL http://www.pmem.net/ 

PolyServe Matrix HA Data replication high-availability server clustering, Commercial http://www. polyserve.com/products_mslinux.html 
ailover and load-balancing software-only solution. 

PPPStatus Console-based PPP status monitor. GPL http://pppstatus.sourceforge.net/graphic/index.html (See Figure 6.) 

Printerspy Perl/Tk tool to monitor printers via SNMP. GPL http://heim.ifi.uio.no/~pok/download/ 

ProcMeter3 System monitor with multiple graphical outputs. GPL http://www.gedanken.demon.co.uk/procmeter3/ 

RUE Resource utilization explorer. BSD type http://rue.nolimits.ro/ (See Figure 7.) 

sawdog A Perl/Expect-based active multiserver watchdog. GPL http://open.digicomp.ch/gpl/sawdog/ 

Sensor Sweep Applet A GNOME panel applet that monitors system GPL http://www.coverfire.com/sensor_sweep_applet/ 
health through the Im_sensors modules. 

SNMP Monitor SNMP critical values monitoring. GPL http://geekcorp.com/snmpmonitor/ 

Spong Simple System/Network Monitoring. GPL http://spong.sourceforge.net/ 

Sysload Monitors and correlates heterogeneous OS, DB Proprietary http://www. nrgglobal.com/products/sysload.php 
and Apps with alerting and trend analysis. 

Sysmon High performance network monitoring tool. Public Domain http://www.sysmon.org/ 

tcp_wrappers Monitors and controls incoming TCP connections Freeware ftp://ftp.porcupine.org/pub/security/index.htm! 

Tkload TkPerl tool for monitoring load on remote Artistic http://www.systhug.com/tkload/ 
servers using SNMP. 

TkLogSpy An easy and light program to monitor log files. GPL http://alfalinux.sourceforge.net/others.php3 

XMSGD (X Message Daemon) A background program which displays simple GPL http://thomas.apestaart.org/projects/Xmsgd/ 
text-based messages on your X display. 

Xcounter A simple IP traffic monitoring program. GPL http://www. fortunecity.com/skyscraper/romrow/935/ 

Xtraceroute OpenGL traceroute. GPL http://www. dtek.chalmers.se/~d3august/xt/index. htm! 


RUE is intended to be used as a general, local 
or remote, performance monitoring tool. 


File Edit View Go Communic: 


PPPstatus is a simple, easy-to-use program for displaying 
ingoing and outgoing TCP/IP traffic statistics in real time. 


 PPPstalus. = 
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USER MANAGEMENT 


PRODUCT DESCRIPTION LICENSE 
IC-RADIUS A Cistron-based RADIUS server that uses MySQL GPL 


to store all of its data. 


SITE 
http://www. icradius.org/ 


Jws (Jabber Web Steward) Allows users to submit requests for new accounts. Artistic License _ http://www. inutility.net/files/ 

KDirAdm KDE LDAP Directory Administrator. GPL http://www. carillonis.com/kdiradm/ 

Linux-PAM Linux Pluggable Authentication Modules. GPL http://www.us.kernel.org/pub/linux/libs/pam/ 

PRODUCT DESCRIPTION LICENSE SITE 

Maly Soft Directory Manager Web-Based LDAP Contact List, UNIX/Windows Commercial http://www. malysoft.com/cgi-bin/getPage.p! (See Figure 8.) 
User and Group Accounts, Mailing List, 
and Room/Office Locations 

Webmin Usermonitor An interface that provides an overview of all GPL http://www. gehrigal.net/projects/webmin_usermonitor/ 


users on the system. 


OTHER ADMINISTRATION COMMUNICATION 


There are a great many other administrative tools available for Second only to administration in terms of making life for a system 
Linux other than those listed here. In order to conserve space and administrator bearable, the communication tools are necessary for 
create a workable list, we chose to focus only on the four categories _users to interact effectively with one another and with the outside 
given. The linux.org site also contains administrative listings fora world. The three categories focused on here are conferencing, fax 


handful of other categories. and phone applications. 


CONFERENCING 


PRODUCT DESCRIPTION LICENSE 


a eeeaeaseaeaeoeowoNNNNNNN 
AndyChat A multi-protocol curses-based console chat program. Freely distributable http://www.secret.com.au/progs/andychat/ 

GnomeMeeting Videoconferencing application. GPL http://www.gnomemeeting.org/_(See Figure 9.) 

Silky An easy to use graphical SILC client. GPL http://silky.sourceforge.net/ 


Maly Soft Directory Manager is an LDAP management interface for 
administering users and groups as well as e-mail aliases and mailing lists. 


File Edit Yiew Tab Settings Go Bookmarks Tools Help 


G~-e-@O@s [http stomas2:61 /DirectoryManager/cgi-bin/Browse pl/mall + 


« @LOAP » Bt » FcPAN> & 


SITE 


GnomeMeeting is a videoconferencing and 
VOIP/IP-Telephony application that enables 
you to make audio and video calls to remote users. 
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FAX 


PRODUCT DESCRIPTION LICENSE SITE 

Fax2Send Fax Client Server for Linux. Proprietary http://www. fax2send.com/fax2send/page/home. htm! 
LightningFAX_ Enterprise Fax Server. Proprietary http://www. faxserver.com/products/lightningfax/features.htm 
Pyla A multiplatform Hylafax Client. GPL http://www.teamsw. it/pyla/ 


PHONE 


AWAG A simple dial and voice-put program. File Download http://members.gon.at/stsz/awag. tar.gz 
Bluel VMail A “semi-complete” voicemail system. GPL http://sourceforge.net/projects/bluelvm/ 
CapiSuite Python scriptable CAPI ISDN application including GPL http://www. capisuite.de/ 
multi user answering machine and fax scripts. 
KAM2 K Answering Machine for ISDN lines. GPL http://www. kpage.de/en/index.html 
KRad KDE Phone Phreaking Utility. GPL http://www.div8.net/krad/ 
PACER Predictive Dialer Call center phone system and predictive dialer. Commercial http://www.databasesystemscorp.com/pssmartpredictive. htm 
WAPMail A completely customizable email interface for Commercial http://netwinsite.com/wapmail/index.htm 


DEVELOPMENT 


mobile phones with full access to features. 


If you're like most administrators, you’ve discovered that it is not 


enough to just run over-the-counter applications; sometimes you 


HTML EDITORS 


have to create your own. There are loads of development tools 
available for Linux, and they have been divided into the following 
subcategories: HTML Editors, Languages, Libraries and Tools. 


A server side framework for developing HTML Proprietary http://www. activeintellect.com/aspire/ 


Aspire 

applications that access corporate data sources. 
Bluefish A high quality, highly functional, HTML editor. GPL 
MML An HTML templating preprocessor. GPL 
SCREEM Site Creating & Editing Environment. GPL 


http://bluefish.openoffice.n|/index2. html 


http://www. martmart.uklinux.net/mml/ 


http://www.screem.org/ 


Linux Certifications 


One of the best ways to verify your skills in the IT realm is by having a 


third party authenticate your knowledge. It is this approach that has led 


to the highly successful CNE certification from Novell, and dozens of 


other examples. It is also the raison d'étre behind numerous Linux exams. 


Within the Linux world, certifications tend to fall within one of three 


categories, based on skill level: beginning administrator, intermediate and 


advanced. For beginning administrators is the Linux+ exam from CompTIA 


(pass one multiple-choice exam and you are certified for life) and the 


LPIC Level 1 certification from the Linux Professional Institute (two exams 


that are multiple choice as well as fill in the blank). More information on 


these two certifications can be found at 


www.comptia.org/certification/linux/default.asp and 


www.lpi.org/en/Ipic.html, respectively. 

Intermediate certifications are available from LP! (LPIC Level 2), and 
SUSE (SCLP — SUSE Certified Linux Professional). The latter requires you 
to first be LPI Level 1 certified, then builds on it by testing only SUSE- 
based knowledge. More information on the LPI offering can be found at 
www.Ipi.org/en/lpic.html, while information on SCLP can be found at 
www.suse.com/us/business/services/training/certification/sclp.html. 

When it comes to advanced certifications, the CLE (Certified Linux 
Engineer) from Novell requires passing a performance-based exam and 
focuses on the application of higher skills more than other entries. 
Information on this certification can be found at 
http://www.novell.com/training/certinfo/cle/. 
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LANGUAGES 


PRODUCT DESCRIPTION LICENSE SITE 
Amzi! Prolog + Logic Logicbase development tools/libraries Proprietary http://www.amzi.com/ 
Server Free for standalone and Web applications. 
ElastiC A very-high level OO language, Open Source http://www.elasticworld.org/ 
Emu (Embeddable A clean, fast, flexible programming language. MIT/X Consortium http://emulang.sourceforge.net/ 
Utility Language) License 
Freepascal Free Pascal compiler. GPL (compiler http://www.freepascal.org/ (See Figure 10.) 
+ tools) and 
LGPL (libraries) 
JS/CORBA Adapter Provides a mechanism for arbitrary JavaScript Mozilla Public http://sourceforge.net/projects/jscorba/ 
objects to interact with each other. License (MPL) 
Kew A simple, embeddable, container-based, Lesser General http://dunkworks.com/projects/kew/ 
object-oriented programming language. Public License (LGPL) 
Onyx A powerful stack-based, multi-threaded, BSD License http://www.canonware.com/onyx/ 


pENC (Perl Source 


As the name implies, it is used to encrypt 


interpreted, general purpose programming language. 


Commercial 


http://www. p3ptools.com/index. php ?category=pENC 


Code Encryptor) Perl Source Code. 

Perl A high-level programming language well suited Artistic License http://www.perl.org/ 
to system administration tasks. 

PHP An open source general-purpose scripting language The PHP License http://www. php.net/ 
that is especially suited for web development. 

Regina Rexx A Rexx interpreter that has been ported to LGPL http://regina-rexx.sourceforge.net/ (See Figure 11.) 
most Unix platforms. 

Turbo Vision A G++ library that provides a nice user interface GPL http://tvision.sourceforge.net/ 


for console applications. 


Free Pascal (aka FPK Pascal) is a 32-bit pascal compiler 
available for different processors including Intel x86, 
Motorola 680x0 (1.0.x only) and PowerPC (from 1.9.2.) 


Free Pascal - Home Page - Mozilla Firefox 


File Edit 
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Latest News 


. computer running Morphos, 


| 31 May 2004 ~ & third public beta for 2.0 has released as version 1.9.4, PowerPC is 
| stable and has now also support for MacOS. 


6 June 2004 Today the PowerPC compiler first compiled itself on a Pegasos 11/G4 


| 02 May 2004 - The first 64-bit port has arrived. Tonight, FPC compiled itself for the 
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first time on a 64-bit system. The system was of the AMD64 type. 


See the news page for more information. 


Current Version 


FIGURE 10 


16 March 2004 - The missing compiler versions for 1.0.10 are now uploaded; these 
consists of the AmigaOS, Solaris, QNX and BeOS compilers. 


Version 1.0.10 is the latest stable version the Free Pascal. Hit the download link and 
select a mirror close ta you to download your copy, Current development is done on 
version 2.9.x, The latest beta release is 2.9.4. See the development page how to 


Rexx is a programming language designed to be easy to use for 


inexperienced programmers, yet powerful enough for experienced 


users. It is ideally suited as a macro language for other applications. 


Regina - Cross-platform Rexx Interpreter - Mozilla Firefox 
File Edit Yiew Go Bookmarks fools Help 
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f___ Hone _\Regina is a Resor interpreter that has been ported to most Unix platforms (Linx, FreeBSD, Solaris, AIX, 

HP-UX, etc.) and also to OS/2, eCS, DOS, Windw/Me/NT/2k/XP, Amiga, AROS, QNK4.x, QNK6.x 

J fogina YB2OS. MacOS X, EPOC32, AtheOS, OpenVMS, SkyOS and OpenEditon, Rex is a programming 
language that was designed to be easy to use for inexperienced programmers yet powerful enough for 

experienced users. It is also a language ideally suited as a macro language for other applications 

Tam not the author of Regina, but have assumed responsibilities for future maintenance with the full 


support of the author, Anders Christensen. 


There are two major goals for Regina 


* become 100% compliant with the ANSI Standard. 


* be available on as many platforms as possible 


With the release of Regina 3.1, the first goal has been achieved, Regina now implements all ANSI 
features, as far as I know. Until an ANSI test suite is available, then you'll have to take my word for it ;-) 


f__Rxsock _| Recent changes te Regina 
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LIBRARIES 


PRODUCT DESCRIPTION LICENSE SITE 
Adevs A C++ library for developing discrete event simulations. LGPL http://www.ece.arizona.edu/~nutaro/ 
CASElow A library that intercepts library calls, and makes GPL http://0x00.org/programs/CASElow/ 

the filesystem appear to be case insensitive. 
CodeBase Database Fast database engine for most programming Commercial http://www.sequiter.com/ (See Figure 12.) 
Development Tools languages and operating platforms. 
Cogent API An interface for Cascade and other Cogent software. Free for non- http://www. cogent.ca/Software/API.html 


commercial use 


DObjectLibrary C++ A working Java-like library. GPL http://s-mail.org/dol.html 

Flate A template library used to deal with HTML code GPL http://flate.dead-inside.org/ 
in CGI applications. 

gtkmm A powerful C++ binding for the GNOME libraries. LGPL http://gtkmm.sourceforge.net/ 

HawkNL (Hawk Game oriented network library for Linux/Unix LGPL http://www. hawksoft.com/hawknl/ 

Network Library) and Windows 9x/ME/NT/2000. 

Java-GNOME A Java binding for the GTK and GNOME libraries. LGPL http://java-gnome.sourceforge.net/ 

JNIWrapper Bridge technology that allows calling functions Commercial http://www. jniwrapper.com/index.jsp (See Figure 13.) 
from native APIs or from any native DLLs. 

Lesstif An implementation of the OSF/Motif LGPL http://www. lesstif.org/ 


standard GUI toolkit for X11. 


MegaZeux A game creation system with ASCII graphics GPL http://megazeux.sourceforge.net/ 


and a scripting language. 


netwib Provides sniff, spoof, client, server and most LGPL http://www. laurentconstantin.com/en/netw/netwib/ 


functions needed by network programs. 


Netxx A modern C++ network programming library. BSD http://pmade.org/software/netxx/ 


Next Generation An M:N threading model for Linux. LGPL http://oss.software.ibm.com/developerworks/opensource/pthreads/ 
POSIX Threading 


CodeBase allows applications to share databases JNIWrapper is a software development kit for working with native 
across the network using the client/server model. code from Java programs without using Java Native Interface. 


» CodeBase Database Development Tools for Programmers - Mozilla Firefox 


Bile Edit Yiew Go Bookmarks Tools Help file Edt Yiew Go Bookmarks Tools Help 
S- 2-2 «6 
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Bringing worlds together, | 


se the power of established technologies. 

+ All popular languages 

* All popular operating systems 

* ADO, ADO .NET, JDBC, ODBC, SQL 

+ FoxPro, dBASE & Clipper files supported 
}) + Internet-ready 

* Low-level control 


Explorer: in the browser 
/ pr your Java 


What is INIWrapper? 


INIWrapper is the software development kit for working with 
native code from Java™ programs without using Java Native 
Interface. 


What does it do? 

Our product shields you from working with INI. With Java to COM integration 
INIWrapper there is no need for you to create native code iad ret 

libraries to call 8 function of the operating system API or a Lear” more of how to integrate 
function from any dynamic library. You write your code using _-—«-YUr Java application with COM. 
Java only, and our product does the rest. dhinns acne 

Why should I care? See INIWrapper features 
INIWrapper makes integration with native code intuitive and @H0N In 


| Our database solutions range from the tiny to the 

} large with the flexibility to meet almost any need. 

|) Create handheld computer software, networked 
multi-user programs, enterprise-level 
client/server applications, or anything in 

|) between. 


Make your data fly with CodeBase 


| CodeBase avard-winning solutions are reliable 
“CodeBase haz a wealth of features and canbe a lifesaver, | and well-tested. We use over 100,000 lines of. 
Iinvegrates wall with Visual Studio andthe marriage does —__regression test code developed over the last 17 
karious work | years, Over 50,000 licensed programmers and 
| millions of end users ensure additional 
Ron Schwarz, Visual Studio Magazine | dependability. 


> WinPack © no 


perf 
of data. Official extensions like WinPack and explorer, bring JExpiorer Online Demo 
you ready-to-use integration solutions. Seamicads 

Leam more: > INIWrapper for Windows or Linux 


Overview » WinPack for INIWrepper 


[Move 
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LIBRARIES CONTINUED 


PRODUCT DESCRIPTION LICENSE SITE 
POE (Perl Object Environment) A Perl framework for networking and multitasking. Perl Artistic/GPL http://poe.perl.org/ 


State Threads A library of writing fast and highly scalable MPL / GPL http://state-threads.sourceforge.net/ 
Internet applications. 
The pyxhtml Python XHTML Can be used to generate XHTML documents. GPL http://sourceforge.net/projects/pyxhtml 
document class 
YACLib A data structures library written in C. GPL http://www.angelfire.com/linux/docinclude/yaclib/index. html 
Zipiost++ A java.util.zip-like C++ library for reading LGPL http://zipios.sourceforge.net/ 


and writing Zip files. 


TOOLS 


Aegis A transaction-based software configuration GPL http://aegis.sourceforge.net/ 
management system. 

Aware Reports Multiplatform high-speed template based report Commercial http://www.awaresw.com/ 
generator. 

BitRock InstallBuilder Tool to create easy to use installer for Commercial http://www. bitrock.com/ (See Figure 14.) 
Linux applications. 

Bugzero Bug Tracking System Feature complete, platform and database Free but restricted http://www.websina.com/bugzero/ 
system independent. 

Builder Xcessory PRO. A user interface builder for Motif. Commercial http://www. ics.com/?cont=nix 

CLIP Clipper/XBase compatible compiler. GPL http://www. itk.ru/english/index.shtm| 


DBAConnect Fast, Secure Remote Administration of your Database. Commercial http://www.datasparc.com/_(See Figure 15.) 
Dynamic Probes (Dprobes) A generic and pervasive system debugging facility. GPL http://www-124.ibm.com/developerworks/oss/linux/projects/dprobes/ 
Easy View (Ezvu) Converts the given set of C files into HTML files. GPL http://sourceforge.net/projects/ezvu/ 
Ektron eMPower for ColdFusion A full-featured, easy-to-use Web content Commercial http://www.ektron.com/ 
management system. 
Genscreen C/C++ Code Generator that generates ncurses screens. Proprietary http://www linuxledgers.com/ 
HuC A PC Engine C compiler. Proprietary http://www.zeograd.com/parse.php?2src=hucf 


JavaReadline Adds readline support to java console applications. LGPL http://java-readline.sourceforge.net/ 


With BitRock InstallBuilder, developers can create easy-to-use Linux 
installers that can be run in GUI, text and unattended modes. 


DBAConnect provides 
improved response time to 
system issues and 
increased convenience for 
database administrators 
through its remote 


Shortcut text 
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PRODUCT DESCRIPTION LICENSE SITE 


Jess A rule engine and scripting environment written Proprietary http://herzberg.ca.sandia.gov/jess/ 


entirely in Java. 


KlassModeler An UML-like tool for creating class diagrams. GPL http://www. jameswells.net/KlassModeler/ 
Kylix Radical Application Development Environment Proprietary http://www. borland.com/kylix/ 
for Linux. 
MagicDraw UML modeling tool for object-oriented Commercia http://www.magicdraw.com/ (See Figure 16.) 
software development. 
MIB Smith’ Visual SNMP MIB Designer/Compiler/Editor Tools. Commercia http://www.muonics.com/Products/MIBSmithy/ 
Omnis Studio A powerful RAD tool for Windows, Linux, Solaris, Commercia http://www.omnis.net/ 
and MacOS. 
OSE Provides a framework for building event driven QT Public http://ose.sourceforge.net/ 
systems, Web-based services etc. License (QPL) 
Ozibug A platform-independent, web-based bug tracking Free but restricted http://www.ozibug.com/ 
system implemented as a Java servlet. (Community Edition) 


uickbugslinux. html 
i 


linux. html 


Commercial http://www.excelsoftware.com/ 


Object-Oriented Software Design Using CRC Cards. Commercial http://www.excelsoftware.com/quickcrclinux.htm: 


Commercial http://www.excelsoftware.com/quickhel} 
QuickUML Linux UML “made easy”. Commercial http://www.excelsoftware.com/quickumllinux.htm! 
Revolution A fully featured cross-platform Commercial http://www. runrev.com/ 
development environment. 
Stream Analyzer (Stan) A console application to generate statistical BSD License http://www.roge.org/stan/ 


information about a stream. 


Stunnix Perl-Obfus An advanced and reliable obfuscator Commercial http://www.stunnix.com/prod/po/overview. shtml 


(scrambler/mangler) for Perl source code. 


The HT Editor A file editor/viewer/analyzer for executables. GPL http://hte.sourceforge.net/ 

Visual SlickEdit A multilanguage integrated development Commercial http://www.slickedit.com (See Figure 17.) 
environment and advanced code editor. 

WxDesigner A dialog editor and RAD tool for the Proprietary http://www.roebling.de/ 


wxWindows C++ library. 


MagicDraw offers new features designed to increase productivity, Visual SlickEdit can be used for one or many programming 
including wizards for model visualization, a diagram layout languages. It enables developers and development teams 
engine, and reverse engineering of sequence diagrams. to create, edit, build, run and debug projects. 


") C++ refactoring, code editor, Eclipse plug-in - Mozilla Firefox 
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ELSE WAS ACCO 
ERE IS AN ENORMOU 


FOR LINUX. 


NETWORKING 

No one reading this issue of Novell Connection magazine is of the 
belief that the future lies in standalone computers. You must have 
a network in this day and age even if you are only a two-person 
company. Within Linux, there is a superdaemon known as init 
which is responsible for bringing up the services required at specific 
runlevels and maintaining the integrity of the system. The init 
daemon will start and stop other daemons such as the system logger 
(syslogd), the swapper (kswapd) and so on. One of the daemons it 
starts is a superdaemon over networking services: inetd. This 
superdaemon can start any networking service and offer those that 
any network would expect and need: 


DNS is a Domain Name Service/Server which allows hosts to 
access a server that performs name resolution for them. First 
introduced in 1984, it allows the host names to reside in a database 
hat can be distributed among multiple servers. The distribution 
decreases the load on any one server and allows for more than one 
point of administration. It also allows the database size to be 
virtually unlimited because more servers can be added to handle 
additional parts of the database. More information can be found 
at: www. linux.org/docs/Idp/howto/DNS-HOWTO.html. 
» Sendmail is a service—a daemon—that allows for the transfer of 
electronic mail between hosts using the Simple Mail Transfer 


OFFICE PRODUCTIVITY SUITES 


Protocol (SMTP). Because SMTP is the protocol involved, and any 
number of programs can communicate with it (sendmail being bu 
one), Sendmail is said to be an agent of SMTP—a mail transfe 
agent to be exact. This is important because Sendmail is not—and 
was never intended to be—what the user interacts with. The user 
interacts with an e-mail program (such as mail), and Sendmail is 
merely a service running in the background that sends completed 


e-mail from one location to another. The latest version of Sendmail 


can be downloaded from www.sendmail.net. 

Apache is a World Wide Web server to Linux in the same way that 
Internet Information Server is a WWW server for Windows 
NT/2000. You can devote years to learning the intricacies of this 
service. Apache is included with most Linux implementations, but 
if you do not have it, you can get it from www.apache.org. 


OFFICE APPLICATIONS 
Having a solid operating system is but one link in the chain to wrest 
control of the network. In order for the operating system to work 
its way onto the desktop, it has to be able to offer the services that 
the user needs. When it comes to the user’s daily environment, that 
can be summed up with the functions that appear in most office- 
type applications: word processors, databases, spreadsheets, etc. 
The following packages offer the functionality on Linux that you 
expect and need in an office environment: 


PRODUCT DESCRIPTION LICENSE SITE 
Abacus Spreadsheet for Linux/XWindows written Free to use http://www-cad.eecs. berkeley.edu/ 
in Tcl/Tk and C/C++. but restricted HomePages/aml/abacus/abacus.html 
BrowserCRM Web-native CRM, E-mail, Collaboration and Commercial http://www. browsercrm.com/welcome.php 
Invoicing application. 
ElOffice (Evermore Full-featured, integrated Office suite Commercial http://www. evermoresw.com/weben/index.jsp 
Integrated Office) 
GroupWise 6.5 Premier communication and collaboration tool Commercial http://www.novell.com/products/groupwise (See Figure 18.) 
OmniChex Manage info with hyperlinked checklists securely Commercial http://www.omnichex.com/ 
on the Web using your Web browser. 
OpenOffice.org The open source release of Sun's StarOffice LGPL http://www. openoffice.org/ 
Slidemaker Create a Powerpoint-like slide show in pdf GPL http://slidemaker.sourceforge.net/ 
for conference presentations. 
SqIDESKTOP Office productivity software for Linux desktops. Commercial http://www.sqidesktop.com/ 
StarOffice The most well-known Linux office package. SUN Binary http://wwws.sun.com/software/star/staroffice/ 


Code License 
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FOR MORE INFORMATION OR TO DOWNLOAD AN EVAL COPY OF GROUPWISE FOR LINUX 
www.novell.com/products/groupwise/ 


THE FUTURE 
Hopefully, if nothing else was accomplished, this list convinced you 
that there is an enormous wealth of applications available for 


GroupWise is the premier 
communication and collaboration tool. 


Linux. Due to space constraints, only seven categories were even 
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Secure your servers without sinking your budget 
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¢ Secure remote access from the Linux desktop 
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* Used and recommended by Novell consultants worldwide 
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FOR MORE INFORMATION ABOUT THE OPENOFFICE APPLICATION SUITE 
www. openoffice. org 


HEN DESCRIBING THE BENEFITS OF OPEN 
source software, the movement's advocates sometimes talk about 
“free as in free beer” versus “free as in free speech.” The idea is that 
while open source software is often available at no charge (“free 
beer”) it’s true value derives from the fact that its source code is 
open to all, so that it can be understood, modified and improved by 
the community (“free speech”). Open source offers another kind of 
freedom, too. Call it “free as in free to choose.” It provides 
businesses with new options to solve their problems, and it creates 
alternatives to the expensive and limiting situation of being locked 
into a single vendor. 


ONE STEP AT A TIME 

The Novell IT department was charged with leading the Novell 
desktop migration, which was dubbed the Open Desktop Initiative. 
Early on, CIO Debra Anderson and other leaders determined the 
initiative would take a phased approach, one that disrupted daily 
business operations as little as possible. 

For Novell, the first phase was assessing the number of 
proprietary software licenses in use at the company, along with the 
amount of surplus hardware, and sharply reducing both. (For 
details, see the first article in this series, Building Blocks, in the 
July/Aug, 2004 issue or online at www.novell.com/ 
connectionmagazine/2004/07/tech-talk-1.html.) 

Adopting OpenOffice was a logical next step, for a number of 
reasons. First, OpenOffice runs on both Windows and Linux, so 
users can begin to use it even without a Linux desktop, and 
continue using it after they make the leap. Next, it works much like 
its closed-source counterpart, so users aren’t immediately facing a 
steep learning curve. This is especially true in environments such as 
the Novell Linux Desktop, where the OpenOffice interface is tightly 
integrated with the rest of the environment. Further, it provides 
enough functionality that many business users can get to work 
without sacrificing the power they need to do their jobs. 

Finally, the big one: OpenOffice offers the entire organization 


immediate savings. Now that’s something everyone can 


64 NOVELL 


understand. Even with the moderate costs associated with training 
and support for a new application, Novell calculated it could 
achieve seven-figure savings just by cutting back on its MS Office 
licenses as it also streamlined its Windows contracts. Adopting 
OpenOffice for Windows, with an eye to eventually going all the 
way with Linux, made that possible. (See Figure 1.) 

“We knew that as a leader in the open source space, Novell had 
a strategic imperative to move toward an open desktop,” explained 
Debra Anderson, “but we also knew it would be to our practical 
advantage, and that made it much easier to advance the vision 
within the company.” 

With this strategy in mind, Novell announced in March of 2004 
that it would move at least 90 percent of its 6,000 employees 
worldwide to OpenOffice, and do it by the end of July. 


The OpenOffice.org productivity suite includes software for 
presentations, word processing, spreadsheets, drawing and 
database access, on multiple platforms, in multiple languages — 
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FIGURE 1 


TELL THEM WHY; SHOW THEM HOW 

While the Novell Open Desktop Initiative team was project- 
managed by IT, it included representatives of other groups 
worldwide, from training to marketing. From the beginning, they 
planned to approach employees from several directions at once. 
Employees needed to know the truth—some work would be required 
in learning new software, and there would no doubt be some 
inconveniences along the way, such as converting documents. But 
they also needed to know that there was help available. So the 
Open Desktop team worked to make sure that employees 
understood the business imperatives of the initiative (the Why), 
while at the same time reassuring them they could get all the tools, 
training and help they needed (the How). 

Regular, repeated communication, from several sources, was 
critical. An executive steering committee met regularly to ensure 
cross-departmental coordination. Managers throughout the 
company received updates on the project's progress. Top executives 
sent multiple all-staff e-mail messages during the course of the 
campaign, and raised the issue repeatedly in employee meetings. 

To help employees keep up to date and find the tools they 
needed, the project team created an Open Desktop Initiative 
headquarters site on the company intranet called the “OpenZone.” 
In the Zone, Novell employees could find everything they needed 
to make the leap to OpenOffice, from downloads to installation 
guides to training resources. (See Figure 2.) 

However, this kind of company-wide communication was only 
air cover. Much of the real work was done ona local level, face-to- 
face. Not only did regional executives 
and send their own communications, they agreed to designate an 
individual from their department, an Open Desktop advocate, who 
would be responsible to help push the process along in their area. 


set their own target dates 


An advocate’s duties included holding local meetings to explain the 
migration process, answering employee questions and gently 
prodding those who fell behind. 


The Open Desktop team stayed in frequent contact with the 
advocates, meeting weekly, arranging special training sessions for 


them and sending them step-by-step instructions for helping people 
through the transition. Just as important, the advocates passed 
information both ways, reporting up about their departments’ 
progress and what challenges employees encountered. 


HELP IS ON THE WAY 


Planners at Novell worked to head off those challenges by providing 
a range of resources, all available on the OpenZone site. To begin, 


they made it easy to download the latest version of the software 
with links that walked employees, in 1-2-3 fashion, through the 
steps of getting the installer, reading the instructions and doing the 
installation. On average, the process took less than 15 minutes. 
When it came to training, the team discovered a surprising 
abundance of external resources for OpenOffice, ranging from books 
to computer-based training to one-page quick guides to instructor 


led courses. (For more information, 


see Open Book on p. 67.) 


For the second phase of Novell's Open Desktop Initiative, 


the company’s OpenZone intranet site was updated with 


OpenOffice software downloads, help links, training 


resources and official templates in OpenOffice format. 


All About the Open Desktop Initiative 


What and why: blazing trails for Novell and our customers * 
When: ineline and project milestones 
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They also recruited subject matter experts 


from around the company who agreed to 
be available to handle questions about 
specialized areas, such as how to convert 
macros from Office to OpenOffice format. 
To supplement the generic external training 
sources, these experts recorded brief 
webcasts with screenshots and voiceovers 
hat served as quick-start guides aimed at 
ovell employees. 

Everyone who took calls and electronic 
requests at the Novell 24/7 internal help 
desk received instruction in the OpenOffice 
suite. Help desk technicians learned to 
handle most issues on their own, but could 
always turn to the subject matter experts in a 
pinch. As with all help requests, OpenOffice 
issues were logged and tracked. Each week, 
the top issues, along with their resolutions, 


were posted for all to see in the OpenZone. 


On that page, employees had five 
et help. The first option 
O a person,” and this 
isted the different 
ways to connect in real time to the help desk 


different ways to 


g 
read, “Let me talk 


linked to the page tha 


(e.g., phone, IM). The next option read, “If 
you show me where to look I can research it 


myself,” and linked to a page of internal and 


external FAQs and other aids. The next read, 
u 


“Tl send you my question-Send me back an 


answer,” and offered an e-mail form that 
was routed to the help desk. The next said, 
‘| found a bug or I have a feature request,” 
and linked to another Web form that also 
sent the information to the help desk. The 


final option read, 
document-Let me attach it and send it to 
you,” which opened an e-mail to which users 
could attach the file and send it to the help 


have a problem 


desk. The net result was that employees felt 


like they had several options to get help in 


he style that best suited them, while all 
equests were routed through a central 
point, the help desk. That meant better issue 
racking and response coordination. 


MOVING TO AN OPENOFFICE CULTURE 
The company took several steps to help 
employees adopt the new software as a 


routine part of doing business at Novell. The 
first was to formalize a document format 
policy. Employees were told the general rule 
is: if you're sending a document to someone 
inside Novell, use the native OpenOffice 
formats only (which carry extensions o 


.Sxi, .Sxw or .sxc). If your reader is someone 
outside the company, use the .pdf format if 
they only need to view the document. If 
hey need to edit the file, take advantage of 
OpenOffice’s ability to save in other 
formats, such as an MS Office format, if 


hey weren't using OpenOffice. 


When it came to existing documents, 
he policy stated that employees did no 


necessarily have to convert everything 


) 
OpenOffice retroactively. But the Open 
Desktop team also made it clear there were 
some cases when it was a good idea to do 

d 
e 


so. For example, any kind of template use 


oO create new documents is a prim 
candidate for conversion, as is any 
members are still 
actively using or editing. Reviewing these 
h it the side benefit 
of a chance to clear out unneeded files, 


document that team 


documents brought wit 


As part of this transition, the company 
applied a little peer pressure, too. Top 
executives and regional managers alike 


made sure any documents they sent 
department wide or company wide were 
formatted exclusively in OpenOffice, and 
they set dates after which they would no 


Open Book: OpenOffice.org Training Resources 


Because OpenOffice works much like MS Office, many users report 
they get the hang of it after just a few hours of use. There are some 
differences, though, and a handful of pitfalls you can avoid if you 
know what to expect. OpenOffice also sports some features that go 
beyond what MS Office can do, and a little training can help ensure 
that your workforce is taking full advantage. Here are just a few of 
the places to look. 


WWwW.OPENOFFICE.ORG 
The official Web site offers documentation, tutorials, FAQs, user forums and other free resources 
that come right from the source. 


USER WEB SITES 
In the true spirit of open source, the community has created several unofficial sites with free 
quick-start guides and tutorials, including www.openofficesupport.com and 

www. tutorialsforopenoffice.org. 


LED TRAINING 
BrainStorm, Inc. is one of the leading training companies that now provide in-person and 
computer-based OpenOffice education products. 


BOOKS 
OpenOffice.org for Dummies by Gurdy Leete, Ellen Finkelstein and Mary Leete is a beginner's 
look, with a CD that includes the software. OOoSwitch: 501 Things You Want to Know About 
Switching to OpenOffice.org from Microsoft Office by Tamar E. Granor emphasizes the transition 
from Microsoft Office. OpenOffice.org Resource Kit by Solveig Haugland and Floyd Jones is a 
comprehensive guide to OpenOffice.org that also includes a CD with the program. 


In the true spirit of open source, the OpenOffice.org Web site not only 
offers software downloads, but help and training resources as well, many 
provided at no charge by members of the user and developer community. 
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longer personally accept any internal documents in non- 
OpenOffice formats. 

Another strategy for infusing Novell culture with the new way 
of doing business was to target core communicators: the 
administrative assistants. The Open Desktop team arranged for in- 
person training sessions for the assistants at its largest offices. They 
also assigned top IT personnel to work one-on-one with the 
executives and their assistants, offering to install the software and 
follow that up with a personal 30-minute tutorial. 

Taken together, these techniques worked. By the end of June, a 
month before the final deadline, employee survey research 
revealed that more than 90 percent of employees had installed the 
software, and 87 percent were actually using it for routine work at 
least on a weekly basis. When July 31 arrived, the numbers were 
closer to 100 percent. 


LESSONS LEARNED 

One of the early demands employees made was for official Novell 
templates in the native OpenOffice formats for presentations and 
business papers, so those were prominently displayed for 
download in the OpenZone site. 

OpenOffice offers a key benefit in its ability to read and write 
MS Office files. Often, converting a file takes no more effort than 
choosing “Save as...” However, while each new version of the 
software improves this capability, it’s still not perfect. This is 
especially true of spreadsheet macros. 

An important lesson Novell learned is that the conversion 
process goes much more smoothly if you follow one rule: don’t 
convert the same document back and forth between formats 
several times. Going from OpenOffice to MS Office once usually 
happens without incident, but going back and forth several times 
can result in the need to clean it up a bit. 

In Novell’s experience, more complex documents, such as 
spreadsheets with macros, may require skilled resources for 
conversion. OpenOffice does have sophisticated features like pivot 
tables and macros; however, just like with Excel, power users will 
need training. During conversion, it’s a good practice to focus on 
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reproducing functionality rather than exactly matching the look 
and feel of the original. 


An unusual issue Novell encountered resulted from the way 


OpenOffice interacted with Internet Explorer (IE) in certain situations. 
When IE users tried to view documents posted securely on the company 
intranet via SSL, the users would sometimes see an error message. 


How Novell dealt with this particular problem reveals 


something about 
members of the OpenOffice community, 
determined the problem was a very unusua 


he nature of open source. After consulting with 
the Novell IT team 
one stemming from 


the way encryption was deployed on the intranet. Software 
engineers at the company took a look at the code, and were quickly 
able to alter the OpenOffice software itself, rather than wait for an 
upgrade or a patch. This small improvement, along with others 
Novell made based on its experience with using the program across 
the company, will now be submitted back into the main code 
base—and all OpenOffice users will benefit. 

Even more can be done along these lines if companies want to 
go further and customize their applications. Open source code 
means easier access under the hood, making it faster and more cost- 
efficient to build just the right solution for a particular organization. 


APPROACHING DESKTOP FREEDOM 

Using OpenOffice.org has opened doors for Novell along its path to 
an open desktop environment, and it has further ingrained open 
source culture within the company. 

Information Support Services Director Don Morrison. said, 
“OpenOffice has been an effective way to introduce people to this 
change, starting them out with a relatively gentle learning curve, 
and providing them with an opportunity to be successful in their 
work, in a new environment. That’s a pretty powerful tool for us.” 

This work paved the way for the final, most challenging —and 
most rewarding—phase of the Open Desktop Initiative: migrating 
to a Linux desktop. We'll find out in detail what happened in the 
next and final part of this series, and examine how Novell turned 
each aspect of open source (free beer, free speech, and free choice) 
to its advantage. N 


Toolkit: Open Source Applications for 
the Business Desktop 


One myth about the open source desktop that 
grows thinner every day is the idea that there are 
no business applications. In truth, a number of 
highly-capable tools can provide cost-effective 
alternatives to single-vendor lock-in. Many run on 
Windows and other platforms, not just Linux. The 
following list includes some of the most popular, 
but each of these represents just one of several 
options that are now available in each category. 


OFFICE PRODUCTIVITY SUITE: OpenOffice.org—OpenOffice is a free suite 
of full-function office applications, including a word processor, 


spreadsheets, presentations, a drawing tool and a database access tool. 


It can open and save MS Office file formats, as well as export Acrobat 
(.pdf) and Flash (.swf) files. It runs on Windows, Linux, Mac OS X, 
FreeBSD and Solaris. (For more information on OpenOffice.org, visit 
www. openoffice. org). 


E-MAIL AND CALENDAR: Novell Evolution and Novell GroupWise- 
Evolution are the world’s most popular personal and workgroup 
information management solution for Linux systems. The software 
seamlessly integrates e-mail, calendaring, contact management and 
task lists in one easy-to-use application. With the additional 
installation of Evolution Connector for Microsoft Exchange, Novell 
Evolution functions as a Microsoft Exchange 2000 or 2003 client, with 
access to scheduling, e-mail, public folders and global address book 
features. For its part, Novell GroupWise 6.5, now available for Linux, 
is a premier communication and collaboration tool. It provides an 
effective and innovative approach to collaboration services—an 


approach that delivers security, control and mobility, while reducing 
the cost of managing and maintaining essential communication 

and collaboration services. (For more information on Novell Evolution 
and Novell GroupWise, visit www.novell.com/ products/evolution/ and 
www.novell.com/products/groupwise/ 


WEB BROWSER: Mozilla—This free download is a fast, modern alternative 
for Web browsing, IRC chat and more. Built with privacy and security in 
mind, it stops pop-up ads and junk mail, and allows you to open 
multiple Web pages in the same window with tabbed browsing. 

(For more information on Mozilla, visit www.mozilla.org.) 


muttimepia: RealPlayer—The RealPlayer 10 for Linux can handle 
streaming and downloaded QuickTime, Windows Media, MPEG, Ogg 
Vorbis and just about every other format for audio and video files. 

It can also play DVDs and store-bought or home-made CD-ROMs. 
(For more information on RealPlayer, visit www.realnetworks.com.) 


IMAGE EDITING: The GIMP—The GNU Image Manipulation Program is 
software for such tasks as image authoring, image composition and 
photo retouching. It works much like Adobe Photoshop, and it does 
so on many operating systems, in many languages, at no charge to 

the user. (For more information on GIMP, visit www.gimp.org.) 


WEB AUTHORING: BlueFish—Bluefish is a powerful editor for experienced 
Web designers and programmers. Bluefish supports many programming 
and markup languages, such as HTML, JavaScript and others, but it 
focuses on editing dynamic and interactive Web sites. (For more 
information on Bluefish, visit http://bluefish.openoffice.nl/index.html.) 
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OT TO SOUND OVERLY PHILOSOPHICAL, BUT 
technology is like the ocean. It comes in waves. Sure, vendors can 
paint a beautiful and inspiring picture of the sunrise on the 
horizon, but actually achieving that vision generally happens one 
wave at a time; and identity management is no exception. 

In the mid- to late-90s, before identity management became a 
mainstream IT topic, the conversation revolved mostly around 
directories and the concept of storing identity information for use 
throughout the network. The pre-directory days were “machine 
centric,” in that a network login was attached to a specific machine, 
and access rights varied from server to server. With the advent of 
directories from vendors like Banyan, Netscape and Novell, 
companies got their first taste of a “user-centric” world, where 
network and application access were based on a user's identity. 

The next wave in identity management targeted Web access 
control, and gave rise to products like Netegrity Siteminder and 
Novell iChain. These products tapped the identity information stored 
in directories to control access and personalize content for Web sites 
and Web applications. But of course the proliferation of Web access 
management solutions and a host of other identity-based 
applications left many companies with dozens of non-integrated user 
identity stores that had to be managed and updated manually and 
individually. That administrative nightmare was the catalyst behind 
the third wave of identity management and the rapid adoption of 


meta-directory and provisioning products. Niche vendors such as 
Business Layers and Access360, and well-established players like Sun 
and Novell, gave companies a means to integrate different identity 
stores and automate the creation of user accounts across 
applications. ..and that’s the point where many companies are today. 

So what’s the next wave in identity management? In a word: 
federation. Not the “explore strange new worlds” kind of 
federation, but rather securely sharing identity information outside 
the firewall with business partners. And just as it has been in many 


other facets of identity management, Novell is on the leading edge 
in developing products that make it possible to federate identity 
information. In November, Novell will begin beta testing a 
technology code-named Odyssey, which will make it very easy to 
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federate identity information between business partners, as well as 
internal systems, without compromising a user’s privacy. 

Of course, the next question is, Why? While the concept of 
federation may sound intriguing, is it really something that can make 
life easier for a network administrator—or just more vendor hype? 

Perhaps the best way to answer that question is to put Odyssey 
and federation in the context of the work you're already doing. 
Essentially, the product is going to extend the benefits that 
organizations have already realized from Novell Nsure solutions to 
trusted business partners. Identity management capabilities that 
have traditionally only been available (or at the least, viable) 
within the enterprise, can now be extended to encompass trusted 
services outside the firewall. For example, with Odyssey, you'll be 
able to provide single sign-on, advanced authentication, user 
account provisioning, identity integration and policy-based access 
control—only this time, those features will not just affect the 
systems you directly control, but also the Web sites, applications 
and services of trusted business partners. With those benefits in 
mind, let’s take a closer look at what Odyssey is and how it works. 


WHAT IS ODYSSEY? 

The product consists of two basic components: an Identity Provider 
(IDP), where identity information is stored, and a Service Provider 
(SP), which can access the identity data within the IDP. From these 
two basic building blocks, business partners or even different 
departments within a larger organization can securely share both 
authentication credentials and specific identity attributes, such as 
a job title or a home phone number. 

Organizations that would typically deploy the IDP would be 
those that already manage identity data in the physical world, such 
as a credit card company or an airline, or a large enterprise or 
government/educational institution that needs to integrate semi- 
independent departments or branch offices. In the case of an 
airline, a business partner like a rental car company would be an 
ideal candidate to deploy the SP; that is, the two companies would 
benefit by making it as easy as possible for users to transition 
between their respective Web sites. 


NOVELL IS ON TH 
PROD 


For administrators familiar with Novell Nsure Identity Manager 
(formerly DirXML), you can compare the IDP to the Nsure Identity 
Manager engine and the SP to an external application connected 
using a driver. In the Nsure Identity Manager model, the engine is 
the hub of identity integration, where user, device or application 
identity data is stored in an identity vault and synchronized bi- 
directionally among any number of enterprise applications 
connected to the engine by drivers. Similarly, in Odyssey, the IDP 
houses identity information that can be shared among any number 
of SPs, and vice versa. Both products are capable of integrating 
login credentials (such as a password), identity attributes (like a 
phone number or e-mail address), and a broad range of other data. 
The main difference between the two is that while Nsure Identity 
Manager is primarily deployed on a corporate network, Odyssey 
can be deployed by business partners or a large, distributed 
organization over the Internet. 

For instance, in an Nsure Identity Manager deployment, when 
a new employee joins an organization, she can be immediately and 
automatically granted access to multiple business systems through 
one simple operation. Provided each of the relevant applications is 
connected to the Nsure Identity Manager engine with a driver, once 
the new user account is created in one connected system, typically 
the HR database, it can be automatically provisioned in all of the 
others, such as the corporate directory/white pages and the 
company’s e-mail system. Without almost any user intervention, 
the new employee has been granted access to all the systems she 
needs. However, as is the case with almost any organization, the 
employee will not just need to interact with internal company 
applications, she'll also need access to external partner systems, 
such as a financial services provider that manages the 
organization’s 401k plan...and that’s where Odyssey comes in. 

Now that the new employee has been provisioned with basic 
internal access, she can visit the company intranet to make optional 
benefits selections, including setting up a 401k. Without Odyssey, 
getting onto the financial services Web site and accessing the 401k 
options would be a lengthy process: After clicking the 401k link on 
the company intranet, she would be required to enter a separate login 


~~ 


to authenticate to the site and then spend several minutes entering 
personal information to create an account — information that’s already 
available within the organization in a number of systems. 

With Odyssey, on the other hand, the process is seamless. 
Because the company itself has deployed the IDP and its partner, 
the financial services provider, is an established SP, when she clicks 
on the 401k link in the company intranet, the financial system 
recognizes that it does not have an account for this user. The 
employee is then asked if she would like to federate her identity to 
the financial services provider. If she accepts, the SP will obtain the 
relevant identity data from the IDP and create the new user 
account in the financial system. By simply agreeing to federate her 
identity, the employee now has single sign-on to the 401k site, and 
her identity attributes, such as a mailing address for 401k 
statements, have been dynamically added to the system. 

As for how the identity information is shared, whereas Nsure 
Identity Manager uses drivers to integrate with connected systems, 
the primary vehicle for transmitting identity data from an IDP to an 
SP, or vice versa, is the Secure Assertions Markup Language 
(SAML)—either as a general-purpose SAML connection or a SAML 
connection wrapped in the Liberty Alliance specifications. For the 
purpose of understanding the fundamental transmission process 
that underpins Odyssey, let’s briefly take a closer look at how these 
two protocols work: ; 

In order to use general-purpose SAML to share identity data, 
two business partners, such as a large enterprise and an outsourced 
benefits provider, have to agree upon the scope of their online 
partnership (i.e, what identity data they will share with one 
another) and then cooperate on the naming conventions used for 
specific identity attributes. For example, one organization might 
list a username as “samluserid:rjones” while another would use 
o represent the same attribute. Once those 


“samlid:rjones” 
conventions and the general business relationship are established, 
the companies will be able to transmit SAML assertions between 
one another. An assertion is essentially a claim made by an identity 


(such as a user or an application) as to the rights it possesses on 
another system. Assertions come in three basic forms: 
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» An assertion can be made that a user (or another identity) has 
been authenticated to one system and should thereby be 
authenticated to a second, or partner, system. In the example of 
an enterprise and its outsourced benefits provider, a SAML 
assertion for authentication could allow a user to seamlessly 
move from the enterprise intranet to the benefits provider’s Web 
site without having to log in again. 

An authorization assertion defines a specific set of resources to 
which a user should be granted, or denied, access. With such an 
assertion, two users moving from the enterprise intranet to the 
benefits provider’s Web site could be presented with different 
coverage information, based on the different health plans in 
which each is enrolled. 

Finally, an attribution assertion actually transmits pieces of info- 
rmation, or identity attributes, about a user between two systems. 
With the user’s permission, data such as a mailing address or a social 
security number could be transmitted to the outsourced benefits 
provider to speed, for example, the health insurance claims process. 
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In practice, these assertions are made using a SAML artifact, which 
is a time-bound and encrypted set of instructions passed from the 
source site to the destination site via a specified URL (also known 
as a backchannel). The destination system uses the instructions in 
the artifact to determine where on the source system it can obtain 
the relevant SAML assertion. In other words, the assertion, or the 
identity information, doesn’t actually cross the wire, only the 
instructions do ensuring the highes of security for identity 
data. Once that assertion is obtained, the user is authenticated to 


leve 


the destination site. 

SAML is a powerful and ex 
federation, but it can also be fairly complex to deploy which is 
where the Liberty Alliance specifications come in. Formed in 
September 2001 to develop open standards for federated network 
identity 
150 members, representing not just technology companies, but also 


remely flexible vehicle for 


management, the Liberty Alliance is made up of more than 


manufacturers, financial institutions, government organizations, 
educational institutions and many others. Novell itself sits on the 
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SECURE ASSERTIONS MARKUP LANGUAGE (SAML) 


LIBERTY ALLIANCE PROJECT 


A standard protocol governing the secure transmission of identity data 
and authentication credentials (identity federation). 


The development of SAML is managed by the Organization for the 
Advancement of Structured Information Standards (OASIS) 


General-purpose SAML is fairly complex to deploy, requiring two 
business partners to agree upon the scope of their online partnership 
and then cooperate on the naming conventions used for specific 
identity attributes. On the other hand, general-purpose SAML is also 
very flexible and can be customized to a specific business relationship. 


An industry consortium of more than 150 members with the goal of 
developing a practical and interoperable approach to identity 
federation. 

The Liberty Alliance has created a widely accepted set of instructions, 
known as the Liberty Alliance specifications, that describe a standard 
methodology for deploying SAML-based services. 


By predefining sets of identity information, the Liberty Alliance 
specifications eliminate the need for a detailed discussion of naming 
conventions and data formats between business partners, making 
Liberty Alliance-based identity federation easier to deploy (though less 
customizable) than general-purpose SAML. 
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Liberty Alliance management board and has been an active 
member since February 2002. 

Recognizing the complexity of a general-purpose SAML 
implementation, the Liberty Alliance has created a widely accepted 
set of instructions, known as the Liberty Alliance specifications, 
that describe a standard methodology for deploying SAML-based 
services. While these specifications, by their nature, do not offer 
the same flexibility as a general-purpose SAML implementation, 
they do allow a much faster deployment without requiring the 
same kind of one-off negotiation. 

The Liberty Alliance specifications introduced a concept known 
as the Identity Web Services Framework (ID-WSF), which will 
offer predefined sets of identity information. To date, the Alliance 
has developed three of these predefined sets, known as Identity 
Service Instance Specifications (ID-SIS): 


The Employee Profile (EP) specifies identity information 
associated with an employee, including attributes such as 


Identity federation based on the Liberty Alliance specifications 
requires that users give their consent before identity data is shared. 


FIGURE 1 


employee ID, job start date, job title, a manager’s employee ID 
and many others. 

» The Personal Profile (PP) describes identity information 
associated with a principal (generally a user), including attributes 
such as name, address, social security or credit card number, 
marital status, phone number, e-mail address, instant messaging 
ID and many others. 

Somewhat different from the EP and PP, the Discovery service 
(DISCO) provides a standard process for determining what 
identity data is available on a given system. 


The value of these predefined sets of identity information is that 
they eliminate the need for a detailed discussion of naming 
conventions and data formats between business partners. In other 
words, to federate identity information using products that 
conform to the Liberty specifications, two companies need only 
negotiate a business relationship—the terms of the “technical 
relationship” have already been established. 

The actual transmission of identity information using the 
Liberty specifications is based on the SAML process described 
above, with just one notable addition. Beyond defining standard 
formats for identity data, the Liberty specs also describe a means 
through which two organizations can establish a business 
relationship, at least in the technical sense. (Software will never 
completely obsolete the work of lawyers.) To create that 
relationship, two companies have to exchange what's called 
metadata. This metadata contains all the information necessary to 
establish a trust relationship, such as digital certificate data. Once 
the metadata has been exchanged, SAML becomes the day-to-day 
vehicle for identity federation. 

Finally, a discussion of the Liberty Alliance would be 
incomplete without mentioning the reason the whole thing is 
meant to be so “liberating.” Unlike other attempts at federated 
network identity (such as Microsoft Passport), the Liberty Alliance 
specs mandate that users, not Identity Providers or Service 
Providers or any other -iders, get to decide if and when their 
identity information will be shared. (See Figure 1.) 
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WHAT DOES ODYSSEY DO? 

With the SAML and Liberty protocols as a foundation, Odyssey 
delivers a wide range of advanced features that take identity 
management beyond the firewall to encompass trusted business 
relationships: 


VERIFY USER IDENTITIES THROUGH DIRECT AND INDIRECT AUTHENTICATION 
Odyssey provides a means to manage authentication both across 
the enterprise and the Internet. Because the IDP features a 
connection to Nsure Identity Manager and support for federation 
protocols, it can provide a central point of authentication for 
internal systems (e.g., a financial application), external systems (a 
Web portal) and partner systems (personalized 401k information 
linked through the portal). And that access can be granted both 
directly and indirectly. 

In a direct scenario, a user can log in to the IDP to be authen- 
ticated to enterprise applications and be granted (should she agree to 
federate her identity) single sign-on to partner systems as well as the 
option of sharing specific identity attributes with those systems. 
Similarly, if that same user were to log in to a partner system (the SP), 
that authentication would be redirected to the IDP via a specified 
URL. Once the user's identity is verified by the IDP. access to the 
partner system and other relevant applications is granted. 

Odyssey also features a number of authentication options. The 
product's core authentication engine is based on the Pluggable 
Authentication Module (PAM) format, which includes support for 
passwords, tokens and X.509 authentication, and can be extended 
to include a host of other methods. 

Once those login credentials are provided, Odyssey can verify 
them in one of two ways: either locally using an embedded identity 
store or against an existing enterprise directory. Both options are 


made possible by a new directory technology called Novell Nsure 
Identity Broker. Rather than requiring the deployment of a 
separate directory service (think about installing ZENworks or 
GroupWise and the requirement that eDirectory first be present), 
Novell Nsure Identity Broker is a built-in, local identity store 
specific to Odyssey which can also connect to other LDAP 
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directories for authentication or authorization decisions. This 
approach gives companies a lot of flexibility. Those that don’t have 
an enterprise directory deployed or that want to capture identity 
attributes that are relevant only to Odyssey can use the local 
identity store for authentication and authorization. On the other 
hand, if a corporate directory, such as Novell eDirectory, Microsoft 
Active Directory or Sun Java System Directory Server (yes, that’s 
what it’s called these days), is already in place, Odyssey can use 
Novell Nsure Identity Broker to simply link to the existing 
directory (or multiple directories) to verify user identities and grant 
access to resources. 

Though Odyssey is the first product to feature this embedded 
directory technology as a built-in component, other Novell 
products will begin shipping with Novell Nsure Identity Broker in 
the coming months so stay tuned. 


SHARE IDENTITY ATTRIBUTE INFORMATION 

Novell's first foray into Liberty-based federation was the Liberty 
identity provider for Novell eDirectory, of which an early access 
version was released in April 2003. Based on the Liberty Alliance 
1.1 specifications, this first identity provider made it possible to 
have single sign-on among different “Liberty-enabled” Web sites, 
but nothing more. Since then, the Liberty Alliance specifications 
have matured significantly, adding provisions for much more refined 
data transmission. By adhering closely to those revised specs, 
Odyssey allows business partners to securely share even the most 
sensitive bits of identity data, as noted earlier in our description of 
the Employee and Personal Profiles. And of course, those partners 
that want to share data that’s outside the bounds of the Liberty 
specs can also use Odyssey to establish a more customized 
federation model based on general-purpose SAML. (See Figure 2.) 


MANAGE IDENTITIES AND PROVISION USERS BETWEEN BUSINESS PARTNERS 

To this point, we’ve discussed capabilities that, while definitely 
cutting edge, are at least being actively talked about by other 
vendors in the identity management space. However, Odyssey also 
takes the next step in federation capabilities by allowing business 


partners not only to share identity information but also to manage 
and provision user accounts on each other's systems provided, of 
course, the users involved give their permission to do so. This 
provisioning process is implemented in accordance with the Liberty 
specs, and can be turned on or off for each SP as the IDP 
administrator sees fit. If provisioning has been enabled, the process 
would typically begin when a user tries to federate her identity 
from an IDP to an SP. With Odyssey, when the transmission 
between the two partner sites is attempted, and it’s discovered that 
no user account exists on the SP, instead of requiring the user to 
manually create that account, she is given the option to 
automatically provision a user account on the SP, based on the 
identity data contained in the IDP. Suddenly, for an IDP like an 
airline, the prospect of encouraging users to create a charge card 


account linked to the airline’s frequent flyer program becomes a 
whole lot easier. 

At a functional level, this federated provisioning is 
accomplished using the Liberty ID-SIS. (See p. 75.) When a user 
accepts the option of provisioning an account, the SP on which 
the federated account needs to be created simply makes a 
DISCO call to the IDP to determine and obtain the relevant 
identity data, which is then used to provision the user. 

Of course, particularly for an enterprise deployment of 
Odyssey, the provisioning process doesn’t always have to wait 
until the moment federation is attempted. Instead, for example, 
when a new employee joins the company, that employee can 
effectively give permission to federate her identity at the time 
she signs an agreement of employment. In turn, that agreement 


Odyssey gives companies the option of dynamically “Liberty-enabling” the Web sites of business partners— allowing users to enjoy single 


sign-on and the secure transmission of identity attributes between those sites. 
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would allow an administrator to provision accounts even in relevant 
partner systems before the new employee's first day on the job. In 
other words, just as an administrator now uses Nsure Identity 
Manager to provision user accounts across enterprise applications 
like a corporate directory, HR system and e-mail application, the 
addition of Odyssey would allow that same user account to be 
created in a partner system, such as a benefits selection tool hosted 


by an outsourced benefits provider. No longer does user account 
provisioning (or de-provisioning) have to be a lengthy paper- or e- 
mail-based process just because it crosses the firewall. 


ENFORCE ROLE-BASED POLICIES FOR WEB ACCESS AND OTHER SERVICES 

In addition to federation and provisioning capabilities, Odyssey 
also supports role-based policies for controlling access to Web sites 
and other applications. With role-based policies, access rights to a 
given Web site, for example, can be associated with a specific role, 


such as sales manager, citizen or doctor. In turn, access to that Web 
site is restricted only to those users that are also associated with 
that role. For instance, access to a hospital portal that provides 
private patient data might be available only to those users 
recognized as “doctors” and not to the hundreds of other staffers 
throughout the facility. 

Using this model, Odyssey, because of its support for federation 
protocols, can provide policy-based access control not just for a 


given organization’s Web sites and applications, but also for those 
of its business partners. 


DEPLOY QUICKLY AND START FEDERATING 

Odyssey also makes the prospect of federated identity a relatively 
simple and easy-to-deploy process. While more complex 
relationships based on general-purpose SAML can certainly be 
established with Odyssey, most companies will likely see the 
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benefit of a much faster deployment based on the Liberty specs. COMING SOON... 
Because Odyssey acts as a proxy, it can be placed in front of another With Odyssey, Novell maintains its leadi 
server to dynamically Liberty-enable virtually any application or atest wave of identity management 


ules definitions, administrators need only install the Odyssey amiliar with the capabilities of products li 


metadata and then start federating identity information. With most hose capabilities to trusted business part 


any identity management project, quick success is the key to and Liberty Alliance standards. Novell wi 


progress, and Odyssey is designed to provide just that. product in November. Stay tuned. 
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OVELL HAS CONSISTENTLY DEMONSTRATED 
a commitment to meet the business-critical messaging needs of the 
marketplace. In fact, Novell has a long history as one of the 
industry's leading innovators in messaging and collaboration. From 
involvement with the development of the early MHS standard, 
through the acquisitions of GroupWise and development of 
NetMail, Novell has been a key player in the market. Add the 
acquisition of Ximian with the Evolution e-mail client and SUSE 
LINUX and the OpenExchange server and it’s clear Novell 
understands the need for messaging and collaboration. 

With the acquisition of SUSE LINUX, and the vigorous 
championing of the Linux desktop, Novell must provide rich, 
enterprise-class messaging solutions on the Linux platform. Indeed, 
the Linux desktop is not a viable business solution without full- 
featured messaging clients for the users and an enterprise-class 
messaging backend in the server room. With the recent release of 
GroupWise 6.5 for Linux, and the impending release of Evolution 
v2, Novell definitely hits the mark. 
ith the GroupWise 6.5 for Linux release, Novell has released 
a Java-based cross-platform client that is rich in its feature set, 
easy in its installation, and fast and stable in its operation. This new 
client is definitely a welcomed departure from previous solutions to 
non-Windows messaging client needs. Its feature set more closely 
resembles the Windows client than any of its cross-platform 
predecessors, and the ease of installation and speed of operation 
will surprise even the most optimistic GroupWise fan. The slick 
interface is so much like its Windows counterpart, it even prompted 
one of our most Linux-purist technicians to exclaim, “I can’t believe 
I’m actually running the GroupWise client on Linux...”. 
In addition, the Evolution development crew has teamed up 
with the GroupWise camp, and together they have provided an 
alternative to the rich GroupWise client that integrates well with 
the GroupWise backend. The release of Evolution v2 includes 
native support for connecting to the Linux version of the 
GroupWise POA (support for Windows and NetWare agents is 
planned for the future). Unlike the current support by Evolution 


= 
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for Microsoft Exchange Server, which requires an extra “connector” 


plug-in, Evolution v2 supports GroupWise servers as a built-in 
feature. Once you install Evolution v2, you automatically have 
support for GroupWise. Using IMAP, SMTP and a new SOAP-based 
protocol implemented in the GroupWise for Linux POA, Evolution 
v2 is able to provide native access to e-mail, calendar items and 
contacts in a GroupWise mailbox. 

In a previous article, you learned how to create a GroupWise 6.5 
system with agents running on a Linux server. In this article, We'll take 
a look at how to install and configure both the GroupWise 6.5 cross- 
platform client and the Evolution v2.0 client with GroupWise support. 


THE GROUPWISE CROSS-PLATFORM CLIENT 

The GroupWise cross-platform client is a native application with a 
Java based user interface. With its release, Novell has targeted 
Linux and MacOS. If you search the Novell Web site, you will find 
GroupWise cross-platform installs for Linux and MacOS, but not 
for other platforms. Let’s see how to install the cross-platform 
client on a Linux desktop. 


REQUIREMENTS 
The GroupWise cross-platform client is supported under the 
following distributions of Linux: 


SUSE LINUX Desktop (Gnome and KDE desktops) 
SUSE LINUX 8.2 (Gnome and KDE desktops) 

SUSE LINUX 9 Professional (Gnome andKDE desktops) 
Red Hat 9 (Gnome desktop) 

Red Hat Enterprise 3 WS (Gnome desktop) 


I used SUSE LINUX 9.1 Professional with KDE 3.2 for my lab 
environment to write this article. 

In addition to these OS and desktop configurations, the client 
requires a Java Virtual Machine (JVM) v1.4.2 or later. When 
you install the client, the JVM is automatically installed in 
/opt/novell/groupwise/client/jre. Many Linux desktop environments 


WITH THE RECENT RELEASE OF GROUPWISE 6.5 FOR 
V2, NOVELL DEFINITELY HITS THE MARK. 


are likely to already have the JRE (Java Runtime Environment) 
installed in a different location. Even so, the GroupWise cross- 
platform client installation will install the JRE for its own use 
ensuring that the client has access to the JVM without requiring 
any special configuration by the end user, and without any worry 


about version differences. This makes deployment of the Java- 


based GroupWise client almost effortless. 


INSTALLING THE GROUPWISE CROSS-PLATFORM CLIENT 
The GroupWise cross-platform client install is distributed as an 
installation script named install, and as an RPM (Red Hat Package 
Manager) file. To install the GroupWise client, you can use either 
the RPM or the installation script. Since it is recommended that the 
GroupWise client be installed using the installation script, this 
article won't cover installation via RPM. The install script and RPM 
are available on the GroupWise for Linux 6.5 CD, or you can 
download them from http://download.novell.com. 


ACQUIRING THE INSTALLATION FILES FROM THE CD 
To access the client installation files on the CD, you need to mount 
the file system on the CD to a mount-point in your Linux file 
system. Check your Linux distribution and desktop documentation 
for more information on how to access files from a CD. 

Once you can access the GroupWise CD, there are three ways to 
install the client: 


1 Run the install script found in the root of the file 
system on the CD (referred to as the Installation 
Advisor). Then select Install Products, followed by 
Install GroupWise Client. 


2 Run the client installation script, which is a file 
named install found in the /client/linux folder 


on the CD. 


3 Install the RPM manually, which is also found in 


the /client/linux directory on the CD. While this is an 
option, you should run the installation script if possible. 


You will want to make the installation script available to your 
users in a central location so they can install it. You may also 
choose to automate the installation and configuration of the 
client using ZENWorks for Linux Management, or another package 
distribution and management platform. We'll discuss using 
ZENWorks to deploy the GroupWise cross-platform client later in 
this article. 

While the client installation script is a shell script, it also 
contains binary data that is a tarball containing the GroupWise 
client RPM and a second helper script. Because of this, the client 
installation script is an autonomous file. This means that the 
GroupWise cross-platform client can be installed with nothing but 
the installation script, which is roughly 35 MB in size. 


ACQUIRING THE INSTALLATION FILES FROM DOWNLOAD.NOVELL.COM 
The GroupWise cross-platform client can be downloaded from 
http://download.novell.com. Browse to this site and search for the 
GroupWise cross-platform client download by selecting GroupWise 
Clients as the product. Search for all platforms, and you will find 
the cross-platform client. 

The download file is a compressed tarball, which contains both the 
RPM and the installation script. Once you have downloaded the 
tarball, uncompress it and extract it with the following command: 


tar -xvzf <filename>.tar.gz 


Of course, replace “<filename>” with the actual filename of the 
compressed tarball. 


USING THE INSTALLATION SCRIPT TO INSTALL GROUPWISE 

To install the cross-platform client using the installation script, you 
must be logged in as root. If you are not, the script will exit with an 
error without installing the client. 
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To install the GroupWise client, open a terminal window and log in as 
root. Change directories to the location of the installation script 
(named install), and execute the script with the following command: 


-/install 


Running the installation script with no parameters simply installs 
the client. However, unlike installing the RPM manually, the 
installation script also checks to see what version of the GroupWise 
client is already installed (if any), and takes appropriate action. 

If you want to back-rev your GroupWise installation, you will 
need to manually uninstall the GroupWise client, then run the 
installation script again. If you need to uninstall the client, use the 
following command: 


rpm -e novell-groupwise-gwclient 


RUNNING THE GROUPWISE CROSS-PLATFORM CLIENT 
Because installation locations are hard-coded in RPMs , the 
GroupWise client = will always be _ installed to 
/opt/novell/groupwise/client/bin. GroupWise client libraries are 
installed to /opt/novell/groupwise/client/lib, and the required 
version of Sun Microsystem’s JRE is installed to /opt/novell/ 
groupwise/client/jre. 

Once the GroupWise client is installed, there will be a 
GroupWise icon on the desktop. Simply click it to launch 
GroupWise. You can also start the GroupWise client from a terminal 
window by typing the following command: 


/opt/novell/groupwise/client/bin/groupwise & 


If the client was installed from a configured installation script, then 
the client will attempt to connect to the POA defined in the script, 
using your Linux login ID as your GroupWise mailbox ID (i.e., if 
you are logged into Linux as root, the client will try to log into a 
mailbox named root.) 


The look and feel of the GroupWise cross-platform client is 
very similar to the GroupWise Windows client. 
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You can also pass options to the GroupWise client on the 
command-line. The correct syntax for passing startup switches to 
the GroupWise cross-platform client running on Linux is: 


grpwise -switch=value 


For example, it is possible to force the client to attempt to connect 
to a specific server and port by using the “ipa” and “ipp” switches 
(both of which are supported by the Windows client): 

grpwise —ipa=10.0.0.11 -ipp=1678 

You can also configure KDE and Gnome desktop application links 


to the GroupWise client with any start-up options supported by 
the client. 


FEATURES OF THE GROUPWISE CROSS-PLATFORM CLIENT 
The look and feel of the GroupWise cross-platform client is very 
similar to the GroupWise Windows client. 

There are, however, a few features (as I am writing this article) 
that have not yet made their way into the cross-platform client: 


spell checking 

rules* 

junk mail management 

categories 

viewers for attachments 

remote mode to support modem connections 
S/MIME support 

document management support 


When you run Evolution for the first time, 
enter your identity settings in the Evolution Setup Assistant. 


Please enter your name and email address below. The 
“optional” fields below do not need to be filled in. unless 
you wish to include this information in email you send 


Required Information 


[Sean Kirkby 
Email Address: [skirkby@susesinds concentrico.net 


Optional Information 
.®% Make this my default account 


Full Name: 


= 
Reply-To: |skirkby@suse9Lnds concentrice.net 


Organization: [Concentrico. inc| 


Leena) (sue) (a) | 
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*Note that there are a number of triggers that cause rules to be 
executed. While you cannot create or modify rules using the cross- 
platform client, rules still work on mailboxes that are accessed 
using the cross-platform client. Rules can be created using the 
WebAccess client or the Windows client. 

Rules are defined and stored in the user mailbox database. 
Some rules are run by the POA when rule triggers are encountered. 
Other rules are triggered by events in the GroupWise client. Not all 
rule triggers work with the cross-platform client. In particular, rules 
that are triggered when new messages arrive, or when messages are 
filed in folders, DO work when the cross-platform client is used. 
Other rule triggers, such as Startup and Exit, do NOT work with the 
cross-platform client. (See Figure 1.) 


EVOLUTION V2 WITH GROUPWISE 

Evolution strongly supports Internet messaging standards, such as 
IMAP, POP3, iCalendar, LDAP. vCards, and S/MIME. In addition, 
Evolution v2 sports native integration with Novell GroupWise 
agents and Microsoft Exchange 2000/2003 servers. 
Let’s focus on using the Evolution client to access GroupWise 
mailboxes. 
Evolution v2 includes native support for accessing a GroupWise 
mailbox using a new SOAP-based protocol (GW-SOAP) that is built 
into the POA. (At the time I wrote this article, the GW-SOAP 
protocol was only available in the Linux POA, and was not 
supported for public use. GW-SOAP was initially designed for use 
by the Evolution development team, and will be made available to 
the public development community soon. Eventually, support for 
GW-SOAP will exist in the POA on all platforms.) 


When you select GroupWise as the type of server, enter either the 
POA host name or IP address and the username, etc. 


Please enter information about your incoming mail 
server below. if you are not sure, ask your system 
administrator or Internet Service Provider. 


Server Type: | Novell GroupWise hal 
Description: For accessing Novell Groupwise servers 


Configuration 


Host: [too 3.47 

Usemame: |skirkby 
Security 

Use Secure Connection (SSL): | Whenever Possible # 
Authentication Type 


| Password + } i Check for Supported Types j 


(4) Remember password 


[Xsancel|) { gepeck | (scorers) | 


vesicanasneseasaiti —<--] 
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While you can use IMAP and POP3 to access GroupWise messages, 
they can’t be used to access calendar or address book data. In 
contrast, GroupWise will provides support accessing messages, 
calendar data and address book data. 

Although GroupWise SOAP interface will support sending and 
retrieving e-mail through the POA, Evolution integration with 
GroupWise uses IMAP to retrieve e-mail messages, SMTP to send 
them and GroupWise SOAP interface to access calendar and 
address book data. For Evolution to successfully provide access to 
a user’s GroupWise account, your GroupWise server must be 
configured properly. 


CONFIGURING THE GROUPWISE SERVER 

Because protocols 
fully-functional messaging interface to GroupWise, all three 
protocols must be properly configured and available on your 


Evolution uses three to provide a 


GroupWise server. 


NOTE It is possible to have the SMTP sending 
server be on a different machine than the POA. See the 
Configuring and Running Evolution section on p. 88 
for more details. 


Of course, the GroupWise POA must be running on the server in 
order for Evolution to provide access to calendar and address book 
data. In addition, you should use either the POA or the GroupWise 
Internet Agent (GWIA) to provide IMAP services to Evolution. 
Finally, you can use GWIA or another SMTP server (such as Postfix 
or Qmail) to provide SMTP services to Evolution for sending e-mail. 


Continue setup by specifying whether or not Evolution 
should automatically and regularly check for new items, 
and wheather all GroupWise folders should be checked. 


Please select among the following options 


Checking for New Mail 


=< 


(Automatically check for new mail every |10 is] minutes 


\%& Check for new messages in ail folders 


iC Apply filters to new messages in inbox on this server 
& Automatically synchronize remote mail locally 
Address Book And Calendar 


Post Office Agent SOAP Port: [ne 
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RECOMMENDED SETUP 

recommend letting the POA handle IMAP access for your 
Evolution clients, since you have to run the POA anyway (for GW- 
SOAP access), and since IMAP access to GroupWise accounts is 
more efficient through the POA than through GWIA. 

I also recommend using GWIA to provide SMTP services, since 


you can easily allow authenticated access to relaying without 


making GWIA an open relay. This way, the authentication 


credentials would be the same for sending via SMTP as they are for 


accessing messages through IMAP, and for accessing calendar and 
address book data through GW-SOAP. With this configuration, you 
won't have to maintain a separate authentication database for the 
SMTP server, and users won't have to worry about different 
credentials for each protocol. 

Finally, I recommend that the POA and GWIA both be 
configured with an SSL certificate and key. GW-SOAP, IMAP and 
SMTP are all plain-text protocols, and all support an authentication 
step. Without SSL encryption, authentication credentials (including 
the GroupWise user ID and mailbox password) are transmitted over 
the wire in plain-text. 


CONFIGURING THE POA FOR USE WITH EVOLUTION 
In order for the Evolution client to use the new GW-SOAP protocol, 
you must first configure the POA to enable GW-SOAP access. In 
addition, you should enable the POA to handle IMAP traffic. 

You should also configure the POA with an SSL certificate and key. 
Check the POA documentation for more details on how to do this. 


ENABLING IMAP ON THE POA 
By default, the POA does not accept IMAP connections. To enable 
IMAP support in the POA, simply modify the POA Agent Settings 
configuration in ConsoleOne. If you configure the POA with an SSL 
certificate, you should also enable SSL encryption for IMAP in the POA 
(on the Network Address settings tab for the POA in ConsoleOne). 


CONFIGURE AN HTTP PORT ON THE POA 
Communication from a GW-SOAP client (such as Evolution) to the 
POA occurs over HTTP, and uses the HTTP port that the POA 
exposes. Historically, this port has been used to provide an HTML- 
based admin console to the POA, allowing access to statistics, log 
files and limited administration functions. 


The gwpoa.xml file is an XML file. When the gwpoa.xml file is first created, the contents of the <Services/> tag, which enables the GW-SOAP protocol in 


the POA, are commented out. To enable the GW-SOAP protocol in the POA, simply remove the comment marks. 


BEFORE 


AFTER 


<?xml version="1.0"?> 
<Xis dt="Configuration"> 
<Services dt="Services"> 
<!-- 
<GWDispatcher dt="Service"> 
es 
</GWDispatcher> 
<GWaAddressing dt="Service"> 
Sai 
</GWAddressing> 
<GWDocuments dt="Service"> 
<5 
</GWDocuments> 
<GWMessaging dt="Service"> 
Sua > 
</GWMessaging> 
<GWCalendaring dt="Service"> 


Sie 
</GWCalendaring> 
--> , 
</Services> 
<Logger> 
<XisNone/> 
</Logger> 


</Xis> 


<?xml version="1.0"?> 


<Xis dt="Configuration"> 


<Services dt="Services"> 


<GWDispatcher dt="Service"> 
ne 
</GWDispatcher> 
<GWAddressing dt="Service"> 
S5. 
</GWAddressing> 
<GWDocuments dt="Service"> 
Sines 
</GWDocuments> 
<GWMessaging dt="Service"> 
Senne 
</GWMessaging> 
<GWCalendaring dt="Service"> 
S45 
</CWCalendaring> 


</Services> 

<Logger> 
<XisNone/> 

</Logger> 


</Xis> 


TABLE 1 
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Evolution will use the same HTTP port for GW-SOAP 
conversations that you use when you browse to the POA for the 
HTML admin interface. 

If you have configured the POA with an SSL certificate and key 
file, you should enable SSL encryption on the HTTP port. This is done 
on the Network Address settings tab for the POA in ConsoleOne. 


MODIFY THE GW-SOAP SERVICES CONFIGURATION FILE FOR THE POA 
Once the POA is configured with an HTTP port, you need to 
configure what services the POA will provide over the GW-SOAP 
protocol. This is done by modifying the GW-SOAP configuration 
file, which is created when the POA is installed. The GW-SOAP 
config file can be found in the following directory: 


/opt/novell/groupwise/agents/bin/gwpoa.xml 


The gwpoa.xml file is an XML file. When the gwpoa.xml file is first 
created, the contents of the <Services/> tag, which enables the 
GW-SOAP protocol in the POA, are commented out. To enable the 
GW-SOAP protocol in the POA, simply remove the comment marks. 
(See Table 1.) 

Any text editor, such as Vim, Kate or gedit, will be suitable. 
After modifying gwpoa.xml, restart the POA: 


/etc/init.d/grpwise restart 


The POA is now ready to accept GW-SOAP connections on the 
HTTP port. 


Continue setup by choosing one of two server types to send e-mail: 
SMTP or Sendmail 


Please enter information about the way you will send 
mail. if you are not sure, ask your system 
administrator or internet Service Provider. 


Server Type: | SMTP + j 


Description: 


For delivering mail by connecting to a remote 


mailhub using SMTP. 


CONFIGURING GWIA FOR USE WITH EVOLUTION 

Although GroupWise SOAP interface provides the ability to send and 
retrieve messages, Evolution uses IMAP to retrieve messages from a 
GroupWise mailbox, and SMTP to send messages. IMAP access to 
GroupWise mailboxes can be accomplished through the GroupWise 
6.5 POA, or through the GroupWise Internet Agent (GWIA). 

As I mentioned before, | recommend that IMAP access be 
handled by the POA. If you configure the POA to handle IMAP 
traffic, and the POA and GWIA are running on the same server, you 
will need to disable IMAP in GWIA. 

As you will see, one possible configuration of Evolution forces 
you to have your SMTP server and your IMAP server on the same 
machine. In this configuration, Evolution does not provide a way to 
specify relay authentication criteria. If you are using GWIA, 
Evolution users will not be able to send to non-GroupWise 
recipients unless GWIA is configured as an open relay. If the SMTP 
port on GWIA is not accessible from the outside, configuring GWIA 
as an open relay is not harmful; indeed this will prevent users from 
having to worry about authenticating in order to relay messages to 
the outside world. However, if GWIA is exposed outside of your 
network, or if you are generally uneasy about configuring GWIA as 
an open relay, you can configure GWIA to prevent open relaying. 
In addition, you can select an Evolution configuration that will 
allow you to specify Evolution with authentication criteria. (See 
Configuring and Running Evolution on p. 88.) In this configuration, 
it is also possible to run GWIA on a different server than the POA, 
and to enable SSL encryption for the SMTP protocol. 


Alternate Evolution Send Mail Settings Dialog 


Please enter information about the way you will send 
mail. if you are not sure, ask your system 
administrator or Intemet Service Provider. 


Server Type: | SMTP 245 


Description: For delivering mail by connecting to a remote 


mailhub using SMTP. 


Server Configuration 


Host: |10.0.3.42 


Use Secure Connection (SSL): t Whenever Possible . # j 
Authentication 
Type | bogin | (Cheek for supported Types 
Username: fxidy 


i Remember password 


(xem) Leann) | 
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If your users will be authenticating in order to relay through GWIA, 
I also recommend configuring GWIA with an SSL certificate and 
key so that authentication credentials will be encrypted in transit. 


INSTALLING EVOLUTION 
When I wrote this article, the Evolution v2 client was still in beta 
testing, so all of the testing I did was with v1.5, which is the 
Development Snapshot for the v2 release. 

It is expected that Evolution v2 will be available as part of the Novell 
Linux Desktop v9, which is expected to release in the Fall of 2004. 

Many Linux distributions include Evolution as an optional 
component. Check your Linux distribution documentation to see if 
Evolution v2 is included. 

You will also be able to download Evolution v2 independently 
from the Novell Linux Desktop package by browsing to 
www.novell.com/products/evolution. 


A WORD ABOUT DEPENDENCIES 

Evolution is a full-featured messaging client that makes use of a 
number of third-party libraries and toolkits. In order for Evolution 
to successfully install, each of the packages, libraries and toolkits 
that it needs must first be installed. 

I strongly recommend using an automatic dependency-resolving 
system to ensure that Evolution has all of the packages it needs before 
trying to install Evolution manually, especially if you are installing to 
a KDE desktop environment. Novell has indicated that when 
Evolution v2 releases, they will provide an easy installation path for 
Evolution outside of the Novell Linux Desktop environment. 


After configuring the sending server criteria, you will be 
prompted to give the account a display name. 


You are almost done with the mail configuration process. 
The identity, incoming mail server and outgoing mail 
transport method which you provided will be grouped 
together to make an Evolution mail account. Please enter 
a name for this account in the space below. This name 
will be used for display purposes only. 


Account Information 


Type the name by which you would like to refer to this account. 
For example: “Work” or "Personal" 


Name: [Skirkby @ GroupWise| 
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In addition, consider the Advanced Package Tool (apt). There 
are repositories for most popular distributions of Linux which 
include the latest release of Evolution, as well as all of the 
packages, libraries and toolkits that it needs. There may also be 
automated-installation and dependency-checking solutions for 
your particular distribution of Linux; check the documentation for 
your distribution. 

As Evolution v2 is currently in beta, details of how Novell plans to 
make it available have not been finalized. Check the Evolution product 
site for more information: www.novell.com/products/Evolution 


CONFIGURING AND RUNNING EVOLUTION 
Once Evolution is installed, it is easy to run. The installation puts 
the Evolution binary in the following location: 


/opt/gnome/bin/evolution-2.0 


In addition, the /opt/gnome/bin directory is placed in the $PATH 
environment variable, which means you can run Evolution without 
explicitly referring to its path. To run Evolution, type the following 
command: 


evolution-2.0 & 
When Evolution runs for the first time, the Evolution Setup 


Assistant will be launched. The Setup Assistant will guide you 
through five main phases of setting up the Evolution client: 


Evolution allows you to create a new account 
after it has already been run. 


Enabled Account name 


i ‘skirkby @ GroupWise [Default] a 


Calendar and Tasks 


Certificates 


% lose] 
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» Identify yourself 

« Configure Evolution to receive e-mail, access calendar and 
address book items 

» Configure Evolution to send e-mail 

» Name the Evolution account 

= Selection of time zone and save settings 


IDENTIFY YOURSELF 
When you run Evolution for the first time, you will receive a 
Welcome dialog. After getting past the welcome prompt, you get 
the Identity Evolution Setup Assistant dialog: (See Figure 2.) 

Fill in your full name, your e-mail address and the reply address 
your outbound e-mail should include. 


CONFIGURING EVOLUTION TO RETRIEVE GROUPWISE ITEMS 

Next, you will be prompted to specify from what type of server 
Evolution will be retrieving your e-mail, calendar data and address 
book data. A new server type setting, not available in versions of 
Evolution prior to v2, is Novell GroupWise. When you select this 


type of server, you will be prompted for the POA host name (or IP | 


address), as well as a username. Type in the address for the 
GroupWise server, and your GroupWise account ID. (See Figure 3.) 


CONFIGURING SSL ENCRYPTION 
In addition, you can configure Evolution to use SSL encryption in 
its communications with the GroupWise server. 

Note that Evolution actually uses two different protocols to 
receive e-mail, calendar items and address book items from 
GroupWise: IMAP and GW-SOAP. In addition, Evolution uses the 
SMTP protocol to send e-mail. 

I recommend configuring the POA to support SSL encryption of 
its IMAP and HTTP traffic, and configuring Evolution to use SSL. 

If you configure Evolution to always use SSL encryption, you 


Evolution v2 has a familiar look and feel when it comes to messaging 
and collaboration clients. Shortcut links on the left side of the client allow 


you to choose to view e-mail folders, calendars, tasks and contacts. 
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must ensure that the POA is configured with an SSL certificate and 
key, and that SSL encryption is enabled for both the HTTP port and 
the IMAP port in the POA configuration (in ConsoleOne). 
Otherwise, Evolution will not be able to communicate successfully 
with the POA. 

In addition, if the sending server is configured to always use 
SSL encryption, you must ensure that the GroupWise Internet 
Agent running on the GroupWise server is configured with an SSL 
certificate and key, and that SSL encryption is enabled for the 
SMTP protocol. 

Note also that the Authentication Type will always be Password. 


CONFIGURING RECEIVE OPTIONS, CONTINUED... 

Next, you will continue to configure Evolution to receive e-mail, 
calendar and address book items by specifying some basic 
options, including whether or not Evolution should 
automatically and regularly check for new items, and whether all 
GroupWise folders should be checked for new e-mail (rather 
than just the main Mailbox folder). 

In addition, you need to specify on which port the 
GroupWise POA will accept SOAP/HTTP connections. This is the 
HTTP port that is configured for the POA in ConsoleOne. 
(See Figure 4.) ; 


CONFIGURING EVOLUTION TO SEND E-MAIL : 
Next, you will configure Evolution to send e-mail. There are two 
available options: SMTP and Sendmail. Evolution will attempt to 
connect to the server on port 25 in order to send e-mail. 
(See Figure 5.) 


There are circumstances under which you should select SMTP as 
the sending server type. These circumstances include cases where 
additional settings regarding the SMTP server are needed. 


You can display multiple calendars together on the 
Calendars view, including your GroupWise calendar and 
a shared calendar from another source. 
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You should set the sending server type to SMTP in cases where: 


you need to specify authentication criteria (because the SMTP 
server in use will NOT be configured as an open relay), 
you need to specify a host address that is different from the 
receiving server address, or 
you need to enable SSL encryption for SMTP connections. 

(See Figure 6.) 


Selecting SMTP as the sending server type will open up options 
that are not available if the server type is. In addition to 
allowing you to configure authentication parameters, you can 
also specify a host for sending messages that is different than 
the host from which messages are rerieved and you can also 
specify that Evolution should SSL to encrypt 
communications with the SMTP server (including relay 


use 
authentication). 


NAMING THE ACCOUNT 
After configuring the sending server criteria, you will be prompted 
to give the account a display name. (See Figure 7.) 

This account name is for display only. Evolution can be 
configured with multiple accounts of different types for managing 
e-mail from different sources, and the names you give to the 
accounts you create should be meaningful to you. 


Which Client is Right for Me? 


When Novell announced that it intended to acquire Ximian, | (like many 
others) was anxious to see how Novell’s messaging story would play out for 
the Linux desktop. As you plan the migration of enterprise desktops to Linux, 
consider these items when choosing the messaging interface you will support. 


The GroupWise client will be a good choice if your users have been using 
GroupWise and are used to some of the strong collaboration features it has. 
In particular, features you won’t get with Evolution include: 


Proxy 

Status Tracking 

Message Retracting 

Calendar Item Delegation 

Folders shared with other GroupWise users 
Discussion threads and posted messages 
Access to GroupWise archives 
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After naming this account, you will be prompted to select you 


rtime zone. Finally, you will be prompted to save your settings. 


After doing so, the Evolution client will open. 

You can also create a GroupWise account after Evolution has 
been run for the first time. Just select the Tools | Settings menu, 
then select the Mail Accounts option. From here, you can click the 
Add button, and configure a new GroupWise account, as described 
above. (See Figure 8.) 


EVOLUTION FEATURES 
Evolution v2 has a familiar look and feel when it comes to 
messaging and collaboration clients. Shortcut links on the left side 
of the client allow you to choose to view e-mail folders, calendars, 
tasks and contacts. 
The GroupWise e-mail folders show up under the name you 
gave to the GroupWise account when you created it. The calendar 
and contacts views allow you to choose whether to display various 


calendar and address book contents. For instance, you can display 
multiple calendars together on the Calendars view, including your 
GroupWise calendar and a shared calendar from another source. 
(See Figures 9 and 10.) 


A SUITABLE LINUX DESKTOP 
Application user interfaces is where the rubber meets the road when 


it comes to productivity in a technical environment; if users simply 


The look and feel of the GroupWise cross-platform client will be familiar 
and comfortable to users who have used the GroupWise Win32 client. 
However, the GroupWise cross-platform client doesn’t yet integrate with 
Novell Linux Desktop and other desktop applications (such as OpenOffice) 
as strongly as Evolution does. Here are some specific features not 
currently in the GroupWise cross-platform client: 


Integrated support for all MIME types (for automatic handling of all 
attachment types that are registered with the desktop environment) 
Cleaner attachment handling 

Easy copy and paste to/from OpenOffice and other applications 
Spell Checking 


In general, Evolution will fit into a more unified desktop environment, 


while GroupWise will provide some strong collaboration features on which 


GroupWise users have often come to depend. 


can’t use the tools they have, then they 
simply won't get their work done. 

In the past, doubters and disparagers 
have pointed to a notable lack of true 
productivity tools on the Linux desktop as 
a reason not to migrate. And while 
Evolution has long provided an interface 
that rivals the most popular messaging 
clients on Windows, it hasn’t been a viable 


Instant Messaging on 
the Linux Desktop 


Users who want instant messaging access on 
the Linux Desktop have options too. Novell 
GroupWise Messenger provides a secure, NDS- 
managed solution for provisioning and 
controlling an enterprise instant messaging 
system. For enterprises that want to limit use 
of instant messaging to the enterprise, Novell’s 
cross-platform instant messaging client is the 
answer. It’s easy to install, and works just like 
its Windows counterpart. 

Another option is Gaim, an instant 
messaging client that supports a wide variety 
of IM systems. A plug in has been created that 
allows Gaim users to connect to Novell 
GroupWise Messenger servers. 

Gaim was originally developed as an AIM 
client for Linux, but through its plug in 
framework, it now supports MSN, ICQ, Yahoo!, 
AIM, Jabber, IRC, Napster, Gadu and now 
GroupWise Messenger. 

If you intend to allow your Linux desktop 
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option for shops that opt for the more- 
secure, NDS-managed GroupWise system 
in the server room. 

But with the release of Novell GroupWise 
for Linux v6.5, the GroupWise cross-platform 
client, and Evolution v2 with native support 
for GroupWise mailboxes, Novell has added a 
formidable argument to its case in support of 
the Linux desktop in the enterprise. N 


users to maintain IM accounts on public systems 
such as AIM and MSN, as well as provide 
internal IM accounts through GroupWise 
Messenger, Gaim is the IM client you should 
choose. (There’s a Windows version as well.) 

Adding a GroupWise Messenger account 
to the Gaim client is as simple and intuitive as 
adding accounts for any other system. In 
addition, a variety of plug ins that provide 
other features are available, such as a plug in 
that auto-reconnects you if you get 
disconnected from a server, and a plug in that 
displays your last conversation with a buddy 
every time you start a new one. 

If you intend to lock down the use of IM by 
the Linux users in your enterprise, and only pro- 
vide access to the internal GroupWise Messenger 
system, you should roll out the GroupWise 
Messenger cross-platform client for Linux. 

Both clients support individual and group 
chats, and are comparable in their feature sets. 
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NLESS YOU'VE BEEN LIVING IN A CAVE 
tons you don’t follow the news at Novell, which amounts to the same 
thing) you already know about the release of SUSE LINUX 
Enterprise Server 9. It’s the first and only Linux distribution that 
includes kernel 2.6.5. That means it’s the only distribution offering: 


Support for non-uniform memory access (NUMA) servers, 
eliminating performance bottlenecks at the memory bus to 
enable massive scalability in multiprocessing systems. 
Support for up to 512 CPUs on a single server, including the 
64-bit Intel Itanium* architecture. (How’s that for scalability?) 

» Support for more than 4 billion unique users and groups on a 
single system. Did I mention scalability? 
Support for one billion PIDs before wraparound for a huge 
performance boost on very busy systems. (Whoooo! Scalability!) 


As the industry’s premier set up tool, the YaST Control Center gives you 
point-and-click access to a wealth of setup and configuration options. 
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File systems up to 16TB, with improved 64-bit support even on 
many 32-bit block devices. Now that’s scala...you get the idea. 
Hyper-threading support that allows a single physical processor 
to act as two or more processors in multitasking environments 
and multithreaded applications. 
Expanded support for large storage arrays, print farms and other 
multiple devices. For example, SUSE LINUX Enterprise Server 9 
can manage up to 32,000 SCSI disks— among 4095 major device 
types and more than a million subdevices per type. 

| Kernel support for Native POSIX Thread Library, significantly 
boosting performance for heavily threaded systems—like those 
32,000 SCSI disks we just mentioned. 


In addition to the Linux kernel 2.6.5, SUSE LINUX Enterprise 


Server 9 contains the latest versions of all these packages: 


The DNS Wizard lets you update forwarders automatically via 
the PPP daemon upon dialout, or set forwarders manually. 


‘owe Seasons tenet! 


Forwarders 

To ollow the PPP daemon to 
update the forwarders after 
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forwarders only, set 
Forwarders Only, To do 


always full DNS lookup, do 
not check any of these check 
boxes 


To add a new forwarder, set 
its IP Address and click 

Add. To delete configured 
forwarder, select it and click 
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glibc 2.3.3 
GCC 3.3.3 
XFree 4.3.99 
Samba 3.0.4 
Apache 2.0.49 
Bind 9.2.3 
GNOME 2.4.2 
KDE 3.2.1 


There’s a lot more to like about SUSE LINUX Enterprise Server 9— 
but you already know that, right? What you really want is to see it 
in action. Well, unfortunately, we can’t purchase a few hundred 
CPUs for you and show you how to configure them into a grid that 
can render the next animated blockbuster and make you an instant 
billionaire. But in the limited space of this article, we can show you 


You can add, edit or delete DNS using the DNS Wizard. 
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how easy it is to install and configure SUSE LINUX Enterprise 
Server 9 on a typical box using YaST—the open-source, GUI-based 
management tool that just about does it all. 


INSTALLING SUSE LINUX ENTERPRISE SERVER 9 

Before playing with different configuration options, you first need 
to install SUSE LINUX Enterprise Server 9 on a test box. This may 
seem a bit tricky, but here are the complete steps for performing 
the installation: 


1 Insert CD 1 and follow the instructions on your screen. 
2 Pat yourself on the back for a job well done. 
It really is that simple, and it’s the same no matter what flavor of SUSE 
You can finish a basic DNS server setup with just a 


few mouse clicks, or go to the Expert Configuration 
mode for more advanced settings. 


Finish the DNS Server Installation - Finish Wizard 
configuration check the | “oo tale i gee 
entered settings before Start up behavior 


| Rolstiegihe configuration. Qn, start DNS Server now and with booting 
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LINUX you’e installing—from the smallest desktop to the largest 
enterprise server. Well, OK, there are a few choices you'll need to 
make depending on your hardware configuration, whether you want 
to run Linux in a partition alongside Windows, and so on. If you want 
more details, check the first sentence of this paragraph again. The 
installation process really is the same for different varieties of SUSE 
LINUX—and that includes SUSE LINUX Enterprise Server 8. 

That means you can follow Ronald Nutter’s excellent 
instructions for installing SUSE LINUX Enterprise Server 8. The 
exact same instructions work perfectly for SUSE LINUX Enterprise 
Server 9, and you'll find them in Tech Talk #1 of Novell Connection 
Magazine, May/June 2004. Recycled that issue already? No 
problem—you can find it online at: www.novell.com/connection 
magazine/2004/05/tech_talk_1.html. 


In Expert Configuration mode, the left-hand 


pane gives you a menu of advanced options. 


DNS Server - Start Up 
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For your test setup, follow Nutter’s directions for a graphical user interface 
(GUD) installation. When you’re done come back here for some DNS fun. 


INTRODUCING YAST 2 

Still scratching your head because you thought installing Linux was 
supposed to be hard? Or maybe you've installed it before and it was 
hard? How could it have been so easy this time? 

Welcome to YaST 2. Despite its name (Yet another Setup Tool), 
YaST is actually the industry’s premier tool for installing and 
configuring Linux, as well as setting up a Linux box as a DNS server, 
FTP server, File/Print server, proxy server, DHCP server, mail server 
and a whole bunch of other options. And because YaST is included 
with SUSE LINUX Enterprise Server 9, it’s one of the best reasons for 
choosing Novell for your Linux distribution. (See Figure 1.) 


Enter the workgroup or domain name on 
the first dialog of the Samba module. 


Workgroup or Domain 
Selection 

All available workgroups or 
domains found en your 
network are listed here 


Select one of them ortype 
your own new name and click 
Next 


FIGURE 6 


For more information on taking advantage of Novell ZENworks 
Linux Management with YaST, see Automatic Software Updates 
Using Novell ZENworks Linux Management and YaST on p. 103. 


One of the most overlooked requirements in designing a software 
management system is network bandwidth. Consider that the 
amount of system information and instructions communicated 
between a managed system and the ZENworks Linux Management 
server is relatively small in comparison to the megabytes of data 
contained in an RPM-based software package that are downloaded 
and installed. Efficient bandwidth management is essential if you 
don’t want the network to grid to a halt during software updates. 

ZENworks Linux Management is designed to help preserve 
bandwidth. For example, managed systems doing automatic updates 
will not all try to connect to the server all at once. Instead, they 
will delay their request by a random length of time, within a 
configurable total time span. This effectively staggers the request, 
ensuring that each managed system can access the server. 

This feature and others can be very helpful in preserving 
bandwidth for managed systems that are located together. 
Dealing with bandwidth issues over a wide area network presents 
a different set of problems, however. If business centers are 
distributed across the country or across the world, having all 
managed systems come back to a central system for their updates 
can be a costly and slow process. 

Fortunately, you have two alternative solutions for taming 
WAN bandwidth and both solutions are standard features of 
ZENworks Linux Management: 


CACHING 

The ZENworks Linux Management Cache allows for distributed package caching across 
your network. The cache handles all authentications and requests for packages for a 
specified group of managed systems. While the initial “fetch” of a software package is 
done over the wide area network, all other requests for that same package are serviced 
by the cache. This gives you a central server that all administrators can access and use, 
offering the most control. 


DISTRIBUTED SERVERS 

Another way of distributing packages is to use the ZENworks Linux Management 
Mirror and have ZENworks Linux Management servers at each location. The mirror can 
be configured to automatically download software package updates to the local server. 
In this configuration, a centralized repository of software can be maintained, but local 


administrators have control of channels, groups and update transactions. 


Either way, ZENworks Linux Management gives you powerful options for distributing software 
reliably, near and far, without compromising the productivity of network-dependent users. 


What do you get with YaST 2? For starters, you get the 
advantages of a completely open, enterprise-tested management 
tool. Earlier this year, Novell began offering YaST under the GNU 
General Public License (GPL). That means any software vendor 
can create modules for YaST. For example, IBM took just two 
weeks to create a module for installing and configuring DB2. 
Prefer Oracle 9i? There’s a YaST module for it too. In fact, says 
SUSE CTO Juergen Geck, “We have 4,000-plus packages of 
software open source-enabled to be installed and configured by 
YaST.” (SearchEnterpriseLinux.com, May 4, 2004.) 

For that matter, YaST 2 incorporates many new and improved 
configuration modules of its own: DNS, DHCP, NIS, LDAP. CA, VPN, 
Mail, TFTP, Firewall, Installation server, YOU server, Boot server, 
CD creation, User-Mode Linux (UML) and more. And it offers 
several new and improved installation methods, including NFS, 


If Windows clients will be logging in via this domain 
controller, choose PDC. If another server will be 
providing authentication services, choose BDC. 
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A domain controfier allaws he nth a ——— 
Windows clients to log in to a 


wWindons Genie, Current Domain Name: sales 


The backup controller uses - Type Selection for SAMBA Server 
another domain controller | 

for validation, The primary 
controller uses its own 
Information about users and 
their passwords 


The available options in the configuration dialogs 
_ depend on the settings in this selection. 

+ © Primary Domain Controlier (PDC) 

_Q Backup Domain Contralier (Boo) 

' © No Domain Controller 
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HTTP, FTP, VNC, ssh and SLP. 
But enough with the acronyms, already. Let’s get our hands 
dirty with a couple of simple YaST configuration tasks. 


WALKTHROUGH: USING YAST TO SET UP A DNS SERVER 

A Domain Name System (DNS) associates IP addresses with domain 
names that normal people can read and understand. YaST lets you 
easily configure a DNS server to perform this task for your local 
network —which is pretty important if the people in your organization 
want to get any work done. The DNS module in YaST has two modes: 


Wizard Configuration prompts you to make just a few decisions 
in order to set up a basic, but fully functional, DNS server. 
Expert Configuration lets you set up ACLs, logging, TSIG keys 
and other options. 


The Start Up tab lets you enable or disable 
Samba file/print services anytime, without 
changing the overall setup. 


|| Start up 

| | Here, choose ifthe server 

| | services should be started on 
| | system boot. 


Samba Configuration 
StartUp Shares | Identity | Trusted Domains 


On -- Enable Services Automatically and Start on Booting 
+ Off Disable Services 


Abort 
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AutoYaST: The Wha 
of Automatic Linux 


t, Why and How 
Configuration 


Despite its self-effacing name (Yet Another Setup Tool), YaST 
is without a doubt the most important tool for navigating the 
jungle of Linux configuration options. Adding “Auto” may not 
make the name a whole lot more exciting, but it does make 
setting up multiple, similarly configured Linux systems about 
as simple as it could possibly be. And no matter what you call it, 
that’s pretty cool. 


WHAT IS AUTOYAST? SUSE LINUX AutoYaST allows you to create a configuration for a 
single system or a set of systems. The configuration is stored in a control file that automates the 
installation process—ensuring consistency while tailoring each configuration to account for 


hardware differences, network settings and other differences. 


WHY WOULD YOU WANT TO USE AUTOYAST? To save yourself a whole lot of work, 
obviously. But even if you’re the type of IT geek who likes to make unnecessary work for yourself, 
you might consider: 


INSTALLING A LARGE NUMBER OF SIMILAR SYSTEMS. Setting up a high- 

performance computing cluster, for example, is simply too big of a job for one person, and too 

error-prone. Even someone with your proclivities doesn’t really want to stay up all night doing 

this kind of work—and all tomorrow night finding and fixing your mistakes. 

= INSTALLATION BY LESS-TRAINED OPERATORS. Sure, you're a genius—but 
wouldn't it be nice if your less-than-genius colleagues could help out with the installation? AutoYaST 
lets you trust just about anyone to install servers to your specifications, without your supervision. 

= INSTALLATION OVER LONG DISTANCES. Got a remote site without trained IT 
staff? Send over a prepackaged installation CD, have someone at the site run the CD and boot 
the server, and then (just to let them know who's in charge) go ahead and tweak the 
configuration manually over the network. 

™ QUALITY ASSURANCE. The best way to configure a consistent set of servers —correctly, 

every time—is to do it automatically. And the control file is the perfect documentation for the 


configuration of your installed systems. 


HOW DOES AUTOYAST WORK? 
Simple. You configure one server using YaST. When that configuration is exactly the way you 
want it, you use the AutoYaST module of YaST to write an XML configuration file. You can 

then specify this configuration file when running AutoYaST on other boxes to reproduce the 


exact same configuration. 


WHAT ABOUT DIFFERENT HARDWARE SETUPS OR 
DIFFERENT NETWORK SETTINGS? 
AutoYaST automatically detects hardware differences, and the control file can easily be tailored to 
any environment. That means you can easily install multiple systems that perform similar tasks in 
parallel—even if the boxes are different. Plus, AutoYaST takes care of network settings and other 
individual configurations without manual intervention. Configuring multiple Linux systems has 
never been so uneventful. 

And when it comes to server configuration, uneventful is just about as exciting as it gets. 
Hmm...AutoYaST...maybe it’s kind of sexy after all. 
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When you start the DNS module, you begin in Wizard 
Configuration. There are only three dialogs in this mode. As you 
step through the dialogs, you have the opportunity to enter Expert 
Configuration for any advanced options you need to set. What could 
be easier? To get a feel for how this works, let’s step through the 
Wizard Configuration. 


1 Start the YaST Control Center by choosing System YaST from 
the SUSE menu. When prompted, enter the root password. 


You see the Control Center screen. (See Figure 1.) 
From this screen, you can perform just about any Linux setup and 
configuration task you can imagine. To set up a DNS server: 


Use the Identity tab to enable WINS server support 
or specify a remote WINS server. Note the drop- 
down menu for accessing advanced settings. 


‘These options allow setuy 
of the identity of the 
server and its primary rol 
in the network. 


‘The base settings set up 
the domain and the 

server role. Backup 

Domain Controller and 
Primary Domain 
Controller allow login of 
Windows ctients into a 
Windows domain. The 
backup controller uses 
another domain controlier | 
for validation, The primary f= 
controller uses its own 
information about users 
and their passwords. If th 
server should not, 
participate as a domain 
controller, choose the No 
DC value. 


WINS Is a network 

protocol to map low-level 

network identification of a | 

host (for example, IP 

address) to a NetBIOS 

name. The Samba server 
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2 Click Network Services in the left-hand pane, then 
double-click DNS Server in the main window. 


This brings up the DNS Server Installation Wizard (See Figure 2.) 

On this dialog, you can choose whether the PPP daemon should 
provide a list of forwarders upon dialout via DSL or ISDN (PPP 
Daemon Sets Forwarders), or whether you want to supply your 
own list. Forwarders are the name servers (mostly of the provider) 
to which DNS requests should be forwarded if they cannot be 
resolved directly. For purposes of this demonstration, we'll let the 
PPP daemon provide the forwarders automatically upon dial-out. 


3 Select PPP Daemon Sets Forwarders. 


Here, you specify locations where the Samba server should 
look for user authentication information. 


User Authentication | 
Information 
Back-Ends 

Here, choose where the 
Samba server should look 
for the authentication 
information. The top one 
is used as a default for 
adding a new users 
Samba 3 supports 
multiple back-end types: 
and a same type can be 
used for multiple 
back-ends. 


smbpasswd file is the file | | 
using the same format as | 
the previous versions of 
Samba. Its layout is, 
similar to the passwd file, 

Itis possible to have @ 
multiple files in this 

format. 


LDAP is a URL of an LDAP 
server to check forthe 
information 


TDB database uses an 
| internal Samba database 
|] binary format to store and 
Jnakuin the infarmation 
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SUSE LINUX Enterprise Server 9 
includes User-Mode Linux (UML), 
and YaST offers an easy Wizard 
for setting it up. 


So what’s UML, and why would you want to 
use it? The elevator speech is that UML is a 
fully-functional Linux kernel that runs as a 
process in the user space. It runs its own 
scheduler, independent of the host scheduler, 
and its own virtual memory system that uses 
only the physical RAM it needs and can swap 
to disk if necessary. Each UML kernel can be 
assigned virtual resources, including a root file 
system and swap space, and can have its own 
hardware configuration entirely separate from 
that of the host. Everything, from network 
configuration to user accounts is contained 
within the individual Linux instance, so 
anything someone does to the UML kernel 
only affects that instance and does not upset 
the host at all. 

That's the regular elevator speech—now how 
about the Empire State Building elevator speech? 

Relying on the host system only for 
hardware support, UML provides you with a 
complete virtual machine, completely 
configurable through the command line. Users 
have reported running as many as 50 virtual 
Linux machines on one hardware box, each 
running its own processes that the host kernel 
is unaware of. Because each instance is 
shielded from interacting with other instances 
or with the host kernel, UML gives you a safe 
and secure way of running Linux versions, 
Linux processes and Linux-based applications 
without any risk to your primary Linux setup. 

That makes UML a great sandbox 
environment to experiment with removing 
Linux modules, modifying open-source 
applications or validating software 
interoperability —all without the wasted time 
and hassle of rebooting or possibly even 
reinstalling a crashed system. And that’s just 
the beginning. The ways you can use UML are 
limited only by your imagination: 


™ Maximize the return on your hardware 
investments by giving several users access 
to the resources of a single machine—with 
no chance that one user’s work will interfere 
with another's. 

™ Save money on new hardware purchases by 
maximizing CPU and memory utilization in 
your existing hardware. 

= Easily reconfigure resources to meet 
changing needs—without the time and 
expense of reconfiguring actual hardware. 

= Set up a UML kernel on your firewall 
that allows external users to access your 
network without any danger of hacking 
into your hardware. 

= Create a laboratory environment that allows 
developers to experiment with new 
solutions without interfering with normal 
network operations. 

m Stress-test software with multiple instances 
running in parallel. 

= Configure a virtual network to test your 
VPN solution, without paying for or 
installing VMware. 

= Build a virtual Honeynet to capture and 
analyze potential security threats — 
without spending a fortune on building 
an actual network. 

= Create a virtual backup e-mail server 
without spending money for a real one. 

= |mplement Web hosting, FTP, IRC and 
more without purchasing separate, 
dedicated servers. 

= We could go on and on, but we've got to 
get off at the next floor. 


Oh, by the way, keep in mind that the more 
UML instances you run on a single machine, 
the more you'll appreciate having ample 
memory. But then, memory is a whole lot 
cheaper to buy and easier to install than 20 
new servers, right? 

Hold the door a minute. One other thing: 
UML is just one of the standard features you 
get with SUSE LINUX Enterprise Server 9, and 
it’s easy to set up with YaST. OK? See ya! 
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The next choice is whether to have DNS requests forwarded before 
an attempt is made to resolve them via the root name servers or, 
alternatively, to forward all requests and send none to the root 
name servers. Let’s use the latter choice, which makes the most 
sense for firewall configurations. 


4 Select Forward Only button. 


The last option on this dialog lets you manually add an IP ddress. 
Any IP addresses you add, plus any IP addresses that are collected 
later by the PPP daemon upon dial-out, are displayed in the list at 
the bottom of the screen. You can run the DNS module anytime to 
see the list or add to it manually, but for now the list is blank. To 
move on to the next dialog: 


5 Click Next. 


Now we've added LDAP as an authentication source, 


and we're just about to remove the smbpassword file. 


User Authentication | 
Information E 
Back-Ends 
Here, choose where the | 
Samba server should look 
for the authentication 
information. The top one 
is used as a default for 
adding a new users 
Samba 3 supports 
multiple back-end types 
and a same type can be 
used for multiple 
back-ends 
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You see the second dialog of the DNS Server Installation Wizard 
(See Figure 3). 

This dialog is about as straight forward as can be. You simply 
enter the name of a DNS zone, choose a Zone Type—Master or 
Slave —from the drop-down list, and click Add to add the zone to 
the list of Configured DNS Zones. You can also select zones to edit 
or delete as necessary. For purposes of our demonstration: 


6 Create and add zones to match the list shown in 
the sample screen in figure 3. 


7 Click Next. 
You see the final dialog of the DNS Server Installation Wizard (See Figure 4.) 


Here, you can choose whether to automatically start up the DNS 
server automatically every time the machine boots, or to start it manually. 


Choosing LDAP Settings from the Advanced Settings menu takes you to 
this screen, where you can specify the base distinguished name, admin- 
istration distinguished name, and set the LDAP administration password. 


Te Neti ni i 


LDAP Samba Server 
Options 

Here, set up details about 
usage of LDAP by the Samba 
server. 


Search Base DN 
(Distinguished Name) is the 
base at which to start 
searching the information 
Administration DN js used 
when creating new users and 
groups. If the administration 
ON requires a password for 
write access, set the 
password using Set LDAP 
Administration Password, 


n=Administrator.dc=exampledc=net 


Note:if you try to set the 
LDAP administration 
password, YaST2 will save 
the settings first 
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8 Under Start up behavior, select Off, the server will 
only start manually. 
You can also choose whether to store DNS zones in LDAP. 


9 If it’s not already active, select the LDAP Support 
Active button. 


That’s all there is to the basic DNS setup. You can review your 
Forwards and Domains, and if necessary click the Back button to 
back up and make any changes. You can also enter the Expert 
Configuration mode from this screen. Let’s take a quick look at 
those options before finishing up. 


10 Click Start DNS Server expert configuration. 


The Expert Configuration options now appear in the left-hand pane 
of the dialog. (See Figure 5.) 

You can modify any of the options listed in the left-hand pane. 
We won't do an Expert Configuration now, but to give you a sense 
of what’s possible: 


11 Click on each of the options in the left-hand pane 
and take a look at the corresponding setup screen. 


You've already seen the Start Up and Forwarders screen. As you 
can see by clicking on each of the other options, Expert Configuration 
also allows you to: 


Set basic options, such as the directory name, dump-file 
location and more 

Define contents, location and logging options for the DNS 
server's log file 

Create Access Control Lists (ACLs) in order to enforce access 
restrictions 

Set TSIGs (Transaction Signatures) to secure communications 
between DHCP and DNS servers 

Define the properties of DNS master and slave zones 


Automatic Software Updates Usin 
ZENworks Linux Management and YaST 


Getting software updates on your own can be big problem. You could 
spend hours each week reading errata and searching for new software 
packages—trying to determine which updates are critical and which can 
be implemented later. On top of that, you have to worry about whether 
installing new software will break something in previously deployed 
systems and applications. 

The answer? Just say YaST. Now shipping with SUSE LINUX Enterprise 
Server 9, YaST is a powerful tool for a wide variety of management tasks— 
including software updates on single systems. YaST uses the YaST Online 
Update (YOU) service to obtain software updates produced by SUSE. 
ZENworks Linux Management—a powerful and secure software 
management solution for Linux server and workstation systems—can 
take advantage of the YOU service, enabling you to distribute software 
updates to all your managed systems automatically. 

To acquire the updates, you'll need to use the ZENworks Linux 
Management Mirror, which is included with ZENworks Linux Management. 
This is a special software module that works in conjunction with the ZENworks 
Linux Management server to obtain any new software packages from YOU, 
other services, and even other ZENworks Linux Management servers. Once 
configured, the mirror can add software packages and patches to the 
appropriate software channel for later distribution to your managed systems. 

While the entire process is automatic, you always have control over 
how and when the software is deployed. This is particularly important 
when you want to test and verify new software updates —a process that 
ZENworks Linux Management makes easy by exploiting the flexibility of 
channels and groups. The mirror can be configured to put new software 
packages into test channels that automatically update test machines 
using the transaction feature. Once you're satisfied with the new 
functionality, you can move the software packages to production 
channels that will then automatically deploy the packages across their 
infrastructure. Many current users of ZENworks Linux Management are 
already using this configuration with great success. 

ZENworks Linux Management, together with the YaST Online 
Update service, offers you a fast, powerful, highly manageable solution 
for reliably rolling out the latest software packages to the machines in 
your organization that need them most. 
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As you may have noticed, the Expert Configuration options are 
listed in the space that used to show Help information for the basic 
Wizard. No worries, though—if you need help on any Expert 
Configuration topic, just click the Life Preserver icon at the bottom 
left corner of the screen. 

When you're finished looking around the various Expert 
Configuration screens: 


12 Click Cancel to exit Expert Configuration without 
saving any changes. 


13 Click Abort to exit the DNS Server Installation 
Wizard without actually setting up a DNS server. 


Of course, if you really do want to set up a DNS server, and you’ve 
entered all the correct information, you can click Finish to complete 


Here, You can add, edit or delete shares, and 
toggle shares between enabled and disabled. 


the process. Or if you want to set up a DNS server later, you'll know 
exactly how to do it. Right now, though, we’re just taking YaST out 
for a test drive, and choosing Abort gives you a clean system for the 
next cool thing we're going to try. 


WALKTHROUGH: USING YAST TO SET UP AN LDAP-BASED 
SAMBA 3 CROSS-PLATFORM FILE AND PRINT SERVER 

Samba is an open source implementation of the SMB/CIFS (Server 
Messaging Block/Common Internet File System) protocols. It 
allows you to connect shared files, printers and resources across 
Linux, Windows, Macintosh, UNIX and OS/2 environments using a 
Linux host. Within your network, a Samba server can act as: 


A basic file and print server that makes directories and printers 
available across Windows and Linux end-user platforms 
‘ A Primary Domain Controller (PDC) that manages users and 


Add a new share by specifying the 
share name, description, type and path. 


| | enabled again 

| | Some of the shares are 

| | special For example, a share 

| | Homes is a special system 

| | share for accessing home 
directories of users. The | 

‘system shares can be hidden | | 

from the table by selecting | 

| | Do Not Show System 

| | Shares in the Fitter menu, 


| | Use Add to add a new share, 
|} Edit to modity already 
existing share, and Remove 
| | to completely remove the 
information about a share. 
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| | presented as a printerto 

| | clients. a Directory share is 

| | presented as a network disk. 
| | Share Path must be entered 
for a directory share. 
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passwords, enabling cross-platform clients to log in to a 
Windows domain 

A Backup Domain Controller (BDC) that enables access to a 
Windows domain while another Samba-based PDC provides 
authentication services 


Why use Samba? For one thing, it eliminates any need to 
upgrade from Windows NT 4.0 to an Active Directory-driven 
domain, since Samba offers NT 4.0-like PDC functionality while 
keeping your existing domain configuration. For that matter, 
Samba eliminates the need to use Windows at all for your domain 
controllers and file/print servers—so you avoid Microsoft 
licensing fees altogether. Plus, by running Samba you get a more 
stable, scalable, better-performing CIFS server. You can use 
Samba to: 


Create workgroups that incorporate domain-level application 
sharing 

Give users access to services that look and behave just like 
Windows, using affordable Linux servers 

Establish centralized authentication services using a Linux- 
based domain server 

Map Windows users’ home directories to personal, Linux-based 
storage space on the network 

Set up a login server with scripts that connect users, download 
the latest virus protection and perform other housekeeping 
tasks automatically 

Use NetBIOS to offer name-based communications between 
PCs, printers and other machines across different network 
architectures 

Use different authentication backends, such as LDAP, to store 
Microsoft client and user attributes 

Migrate an existing Microsoft NT 4.0 domain to a Samba server 
while keeping your current client domain configuration 


It gets even better. Because there’s a YaST module for installing, 
configuring and managing Samba, you don’t need to mess around 
with editing the samba.conf file manually. Now, the best solution 


for sharing files and resources is also the easiest to install and use. 
Need proof? Let’s configure an LDAP-based cross-platform 
file/print server right now, using the YaST Samba Server module. 


1 If it’s not already running, start the YaST Control 
Center by choosing System YaST from the SUSE 
menu. Enter the root password. 


2 Choose Network Services from the left-hand pane, 
then double-click the Samba Server module in the 
main window. 


3 Select or enter your domain name. The list shows all 
the available domains on your network. (See Figure 6) 


4 Click Next. 
5 Choose the domain controller setting. (See Figure 7.) 


NOTE If there is already a PDC or BDC for the 
selected domain, you can’t set up a second one. 


6 That's all there is to installing Samba. To configure 
it, click Next. 


7 On the Start Up tab, enable the Samba services to 
be started at system startup. (See Figure 8.) 


8 Select the Identity tab and enter a remote WINS 
server if you have one, or enable WINS server 
support. (See Figure 9.) 


9 Select User Authentication Sources from the Advanced 
Settings drop-down menu. You see the User Information 
Sources screen. (See Figure 10.) 

10 Use the Add and Delete buttons to add LDAP 
and remove smbpasswd file. (See Figure 11.) Click OK. 
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11 Select LDAP Settings from the Advanced Settings drop- 
down menu. You see the LDAP Samba Server Options 
screen (See Figure 12.) Click Set LDAP Administration 
Password to enter a password for write access to create 


new users and groups. 


If you leave the YaST Samba Server configuration module now by 
clicking OK, you'll be asked for the LDAP Administrator password 
again and for the password of the Samba Administrator. The 
module creates the needed account in LDAP and your Samba 
Server is now set up as a PDC for your domain. 

You can also share additional directories—for example, a Sales 
directory to be shared by the sales team. To add, edit, delete, 
activate or inactivate individual shares: 


12 Choose the Shares tab. 


You see a screen like the one in Figure 13. 

This screen shows all the available shares, including name, path 
and any comments that have been entered to describe each share. 
You can select a share to edit or delete, or toggle its status between 
enabled and disabled. To add a new share: 


13 Click the Add button. 
You're prompted to enter the share name (the name that appears to 
network users), share description, share type (printer or directory) 


and share path. For example: 


14 To add a sales share for the sales department, 
complete the dialog as shown in Figure 14. 


15 Click OK to accept your changes and return to the 
main Shares dialog. 


Feel free 
dialog. You'll find you can modify file sharing attributes such as 
Browsable, Case Sensitive, Follow Symlinks, Hide Dot Files, Hide 
Unreadable and so on. Be sure to choose Advanced Settings on the 
Identity tab to see options for Expert Global Settings, LDAP 
Settings, User Authentication Sources and more. In all, you can set 


o explore the various tabs and options on the Shares 


more than 100 configurable options with the simple, point-and- 
click interface provided by YaST. 
When you're through exploring: 


16 Click Abort on the main Shares dialog to exit the 
Samba 3 module without saving your changes. 


Of course, if you really do want to set up a Samba 3 file/print 
server, you can now see just how easy it is. Go ahead and enter the 
real settings you want to use, click OK, and you're all set. 


GET STARTED WITH SUSE LINUX ENTERPRISE SERVER 9 TODAY 
If you haven’t already got your hands on SUSE LINUX Enterprise 
Server 9, we apologize for getting you all hot and bothered. With 
kernel 2.6, YaST management and a whole lot more, this 
distribution of Linux isn’t just a viable alternative. It’s a new 
paradigm: a Linux server operating system that’s truly enterprise- 
ready. It’s a better way of doing things. 

We've only scratched the surface of what's possible. Don’t wait 
to get started trying out the scenarios we've presented here—and 
exploring the wealth of additional features that can help make your 


business stronger and your IT people a lot less stressed. 

Visit www.novell.com/linux to learn about everything Novell is doing 
in the Linux world, and check out www.suse.com for more information 
on SUSE LINUX products including SUSE LINUX Enterprise Server 9. 
And while you're at either site, follow the links to order a copy of SUSE 
LINUX Enterprise Server 9. After you've had a chance to see all you can 
do with it, we're sure you'll be back for more. N 
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O00 MANY GOVERNMENT OPERATIONS ARE 
isolated. Too many processes are paperbound. As a result, citizens 
are required to do things they would rather not do—fill out forms, 
seek assistance at multiple government offices and stand in long 
lines. And as everyone knows, these activities do not bring out the 
best in people. The gap between the quality of services that is 
possible and the quality provided is large—in many cases a 
yawning abyss—and having to stretch euros, dollars, yen or yuan 
year after year has reduced the options for improvement. 


It’s not fair to government workers, either. Far too often, 
processes that could be automated are not. So instead of serving 
the public to the best of their abilities, government workers are 
frequently engaged in menial, tedious tasks that waste their time 
and squander their expertise. 

And beyond the realm of simple inconvenience, government 
departments that the public depends on for their health and safety 
face constant challenges in their ability to communicate, coordinate 
and make quick decisions in the event of a crisis. 

But there is good news: things are changing. Many government 
agencies are using their limited funds wisely by investing in 
information technology. IDC estimated that governments 
worldwide will increase IT spending by 7.3 percent in 2004.' This 
trend is creating greater security at the local, regional and global 
levels. It takes care of matters online that previously required trips 
to government offices or citizens’ homes. It also takes provides data 
sharing and collaboration on cross-jurisdictional issues while 
improving the efficiency (and reducing the costs) of core services. 
If you're wondering where Novell fits in, the short answer is: at 
ovell has been a 
key technology provider to governments for nearly two decades. 
As part of ongoing global assessments of governments’ IT needs, 
ovell has determined that integrated functionality across critical 


he most important points of your value chain. 


echnologies, identity management and open source options can 
remendously improve both the effectiveness and responsiveness 
of government operations. As a result, Novell government solutions 
everage Novell’s strengths in these areas. With its Novell Nsure 
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secure identity management platform, Novell Nterprise and Novell 
exteNd product families and the recent integration of SUSE LINUX 
and Ximian into the Novell product line, Novell can now provide an 
unparalleled set of solutions that fit the needs of government 
customers precisely and cost-effectively. 


INTEGRATED FUNCTIONALITY 

Novell government solutions provide comprehensive, integrated 
functionality that leverages a secure identity management 
platform and the option to deploy open source technologies. (See 
Figure 1.) All solution components work together to help 
governments address operational challenges, improve citizen 
service and enable more informed decision making. These 
components provide real value to government organizations at all 
levels and across the globe. 


THE PORTAL: NOT JUST ANOTHER PRETTY INTERFACE 

One of the most difficult things government agencies have to deal 
with when it comes to online services is rising expectations. Rik 
Van Bruggen, director of solutions management for Novell in 
Europe, the Middle East and Africa, attributes these expectations 
to what he calls the “Amazon Citizens.” “They’ve been spoiled by 
Amazon, eBay and other successful, service-oriented Web sites,” 
he says. “Having everything at their fingertips all of the time, 
being able to track the status of all of their orders—Amazon 
Citizens know what's possible online and expect nothing less from 
their local governments.” 

Fortunately, the world’s toughest customers can be served by 
government portals on a par with the most sophisticated private 
sector Web sites. Consider what The Hague Council was able to 
accomplish online: 

When residents of The Hague receive their business or 
residential property valuation, they also receive a password and 
the Internet address for the help desk at the Municipal Taxes 
Service. The Hague Council Tax Office has created the site to permit 
residents to review their property valuations. Leveraging Novell 


technology and services expertise, this portal enables 450,000 
potential users and residents to look up the basis of their valuation 
assessment, check whether the information held by the municipal 
authorities is correct, respond immediately if necessary and 
communicate with government tax specialists—all with a single 
password. Mobile tax appraisers can also get the information they 
need anywhere, anytime using tablet PCs. 


With a Novell Nsure secure identity management solution, The 
Hague Council has created a central servi 
The directory serves as a central storage point for identity 
information on all users—citizens, businesses and government 
employees—who need access to Council applications and data. All 
users are authenticated through the central directory, enabling 


ces user identity directory. 


them to securely access the applications and data they need, 
through the portal, based on their identity profile. 

This is just one example of the many Novell portals deployed in 
today that are 
infrastructure investments and accommodating new applications — 
a Novell government solution that is adding value at all levels. 


government agencies leveraging existing 


PUTTING SILOS BACK ON THE FARM WHERE THEY BELONG 

Something governments everywhere have in common is the need 
to consolidate and integrate their IT resources, and do so cost- 
effectively. IDC shared this observation in a recent report. “As a 
whole, government agencies have operated fairly independently 
of each other,” the IDC analyst noted. “However, the state and 
local landscape has shifted over the past few years, and it is 
becoming increasingly evident that agencies need to bridge the 
silos within their organizations. In fact, many initiatives, such as 
homeland security and eGovernment, are contingent upon such 
successful integration.” 


‘IDC Market Analysis, Worldwide IT Spending Forecast by Vertical 
Market, 2002-2007 (December 2003) 

“International Data Corporation,U.S. State and Local Government IT 
Spending Forecast, 2002-2007 (July 2003) 
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The problem is, there’s a serious gap in many agencies today 
between the current state of infrastructure and IDC’s notion of 
successful integration. Multiple departments are running on 
different sets of core data. Applications are added on an ad hoc 
basis without real integration. Legacy applications and data are 
increasingly isolated. A fully integrated infrastructure is still a 
immer in an IT manager's eye. 
However, cost-effective integration solutions available today 
can enable government agencies to achieve a new level of 


administrative efficiency. That new efficiency can improve their 


Novell Government solutions leverage strengths in identity and 
open source to deliver secure, flexible and tightly integrated 
functionality across four categories of solution capability. 
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Open Source Options 
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ability to share information and respond to cross-jurisdictional 


issues in areas that range from national security to economic 
development. Traditional defense agencies and diplomatic corps 
can vastly improve communications (and responsiveness) 
internally and with the outside world. And, in the event of a 
disaster, police, fire and other first responders can standardize their 
incident management processes and coordinate their efforts like 
never before. Citizens benefit from single sign-on capabilities that 
let them departments 
conveniently—not to mention getting better service across the 
board. To top things off, all of this can be accomplished without 
compromising the security of people or information. 

Novell helps government IT departments achieve successful 
integration with Novell exteNd and Novell Nsure. The former is 
part of a dynamic, services-oriented architecture that integrates 
data and applications across system, platform and even geographic 


access numerous of government 


boundaries. The latter provides the identity-driven access controls 
that allow the network to deliver the right data and applications to 
the right people. Novell's cross-platform approach helps municipal 
and regional authorities integrate heterogeneous networks and 
tighten security, while providing residents with better access to 
information, and better service overall. 

So, just remember: silos are for livestock feed; they were never 
meant to house systems and information. Novell government 
solutions combine industry-leading technology and_ service 
expertise to help governments integrate systems, information and 
access successfully and securely. 


THE INTEGRAL, ONGOING RELATIONSHIP BETWEEN IDENTITY AND SECURITY 

Today, security is a key, inextricable component in every strategic 
initiative government agencies undertake. It’s like the milk in milk 
chocolate, or carbon in coal. Unfortunately, all too often, the 
quality of security leaves something to be desired. What is required 
is a secure IT infrastructure that aligns access to government assets 
(applications, information and physical facilities) with program 
needs and government policy. The infrastructure should also 
include the ability to track all access to resources through 
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mechanisms such as auditing, time stamping and digital signatures. 
Identity profiles within a comprehensive identity management 
system provide the basis for an effective security system. Every 
time anyone accesses a file from a government agency, visits 
sensitive areas of a government Web site or asks for confidential 
information from a government worker or database, identity must 
be established and confirmed. The same goes for instances where 
one device contacts another, or one server requests a file from 
another. Who's out there? Are you really who you say you are? 
What do you want? These are the practical questions that must be 
answered automatically in a matter of milliseconds. But identity 
management isn’t just for the sake of security anymore. 
Establishing identity is the basis for providing services. It is also the 
foundation for individual and group productivity, network access, 
compatibility of systems and devices and collaboration between 
people and agencies. What's more, because dynamic identity 
management is the basis for secure, personalized access by 
constituents, public trust in eGovernment services and higher 
adoption rates of those services are bound to follow. 

A recent Gartner report notes that governments face many of the 
same challenges as the private sector because they lack sophisticated 
identity management capabilities. “Over time, however,” the report 
states, “large-scale government implementations will drive identity 
and authentication standards and viability, and an identity and 
access management infrastructure that supports the required 
heterogeneity in ID, authentication and access management will be 


a 


increasingly important. 

A dynamic identity management system secures and automates 
the connections between data, applications and processes in the 
same way that identity management traditionally controls 
connections between people and resources. Identity management 
also protects citizen privacy through protocols and mechanisms 
that empower citizens to control how their identity information is 


Gartner, Government IT Security: The REAL Issue, 
Kreizman and Christopher Baum (October 2003) 
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Novell’s Commitment to 
Government Takes Many Forms 


ORGANIZING AROUND GOVERNMENT NEEDS 

In most of life’s pursuits, a team effort is better than individual heroics. 
Novell is taking that common sense to heart and driving organizational 
alignment with a cross-functional, global Government Solutions Team. This 
team benefits government customers by setting Novell's strategic direction, 
prioritizing investment decisions, planning marketing initiatives, ensuring 
operational consistency and harvesting best practices. One of the first 
initiatives undertaken by the Government Solutions Team was mobilizing 
government representatives from sales, marketing, upper management, 
alliance management, engineering, training—you name it—throughout the 
world into the Novell Government (or GO) Team. Through this team, three 
hundred Novell employees dedicated to and knowledgeable about 
government collaborate, share best practices and inform the corporate 
teams responsible for government solution development and support. 


PRODUCT CERTIFICATIONS MAKE CONSIDERATION 
(AND REQUISITION) EASY 
The Novell International Cryptographic Infrastructure (NICI) is the common 
infrastructure for security services incorporated into Novell products. This 
infrastructure has achieved Federal Information Processing Standard FIPS 
140-2 certification status, demonstrating that it meets U.S. Federal 
Government procurement requirements for the protection of sensitive data. 
In addition, Novell Linux solutions offer the security assurance levels 
required by government organizations around the globe. Novell SUSE LINUX 
has achieved an industry-leading Common Criteria Evaluated Assurance Level 
3+ (EAL 34) certification with a Controlled Access Protection Profile (CAPP) 
and is currently working to achieve EAL 4+/CAPP certification in the near 
future. This certification provides assurance that Novell's security levels have 
been evaluated, verified and endorsed by a qualified third party. It is 
internationally recognized proof that Novell SUSE LINUX product features 
and support processes meet or exceed security requirements for commercial 
operating systems products. In addition, Novell provides global Linux 
technical support and ensures that deploying Linux remains a safe choice 


through its Novell Linux Indemnification Program. 


SOLUTIONS SPECIFICALLY FOR 

GOVERNMENT ARE ON THE WAY 

Government decision makers will soon be able to take advantage of 
solutions specifically designed for government. These initial offerings 
will address government challenges in the areas of meeting citizen 
self-service needs and facilitating open source migration. Each of 
these offerings will integrate elements of the four solution capabilities 
described in this article: government portals, data and application 
integration, secure infrastructure and core foundation. These solution 
offerings are currently being tested and tuned with the help of 
government customers. Watch for announcements at BrainShare 
EMEA and elsewhere. 

In addition, Novell has become the first networking infrastructure 
vendor to reach an agreement with the U.S. General Services 
Administration to participate in the SmartBUY program for government- 
wide software purchasing. As part of the agreement, Novell has created a 
series of SmartBUY software offerings and service levels, including 
specific product bundles for infrastructure, Linux servers and desktops, 
Web services, and soon, secure identity management. Similar bundles of 
Novell products, packaged and discounted for government organizations, 
are available in Europe and Australia. These bundles provide government 
customers with flexibility in deployment and pricing, as well as simplified 
contract negotiation and licensing processes. 


THE IMPORTANCE OF PARTNERS 

Although Novell's reach is global, the company can’t do everything by 
itself. ISVs and channel partners play a key role by delivering Novell 
solutions to government or by taking Novell technologies and building 
their own services around them. Novell has a robust, global ecosystem 
including partners, training, services and support. Our strong relationships 
with partners around the world have resulted in successful government 
solution deployments at all levels. Many government organizations prefer 
to work through local integration partners, and Novell is actively working 


with its channel partners to meet the need. 
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shared among various government entities (known as identity 
federation), and “pseudonyms” or aliases that enable data integration 
for the purpose of statistical analysis, but provide only authorized 
agencies with access to personally identifiable information. 

Novell Nsure secure identity management solutions work with 
Novell integration and portal technologies —as well as virtually any 
competitive solutions you may be using—to deliver secure, cost- 
effective digital government services to a broad range of internal 
and external users. Numerous public agencies use proven Novell 
o the 
precise combination of information and resources they need— 


solutions to give employees, partners and citizens access 


often through a single user name and password. 
ovell solutions create a single, comprehensive view of user 
identities across government departments and agencies. Novell 
technology includes comprehensive access-management solutions 
that authenticate users through a wide range of techniques. The 
solutions support use of passwords, smart cards, biometric 
identifiers and other authentication methods—all of which may be 
deployed according to a jurisdiction’s security policies. These 


capabilities help agencies confidently respond to national security 
needs, as well as privacy regulations such as federal HIPAA 
mandates in the U.S. 


BUILDING ON BEDROCK: THE IMPORTANCE OF A STRONG CORE FOUNDATION 
Okay, so governments need IT solutions that offer interoperability 
across platforms, integration across applications, free-flowing 
collaboration among departments, and secure resource access for 
citizens, suppliers and government workers. Easier said than 
done, right? 

Actually, with a strong core foundation in place, you're well on 
your way. All of the above-mentioned attributes of efficient digital 
government operations reside in a core foundation that includes 
the operating system, core services such as file and print and 
enterprise such as collaboration and resource 
management. In addition, the core foundation is highly scaleable 
and offers the choice to deploy open source technologies in ways 
that make strategic sense. 


services 
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Because it serves as the base layer on which other eGovernment 


initiatives rest, the reliability, security and robustness of the core 
foundation is of the utmost importance. 

The foundation should provide consistent and fully functional 
infrastructure services across the many disparate systems typically 
found in government organizations. These services should simplify 
the operation and management of these complex, heterogeneous 
environments. 

In addition, the core foundation should enable governments to 
take advantage of the opportunities and benefits inherent in new 
technology arenas such as open source. It should offer choice and 
flexibility to eliminate vendor lock-in, foster collaboration, 
increase user control and customization, and support integration. 
The foundation must also be highly scalable to service a large 
number of users with fast performance, reliable operation and 
inherent security. 

All of these capabilities are possible with the Novell Nterprise 
family of products. With these products, Novell delivers a core 
infrastructure without boundaries—an infrastructure where 
information systems of all types work together, efficiently and 
securely connecting people with the information they need to be as 
efficient and productive as possible. 


THE PERVASIVE ROLE OF IDENTITY IN 
ADDRESSING GOVERNMENT NEEDS 
Identity management capabilities are essential aspects of every 
government solution described in this article. In the case of the 
portal solution deployed by The Hague Council, Novell identity 
management functionality identifies users and authorizes access to 
specific resources and information. This enables the portal to 
assemble and personalize the right combination of resources to 
meet each user's specific needs, and do it privately and securely — 
on the fly. 
As for comprehensive application and data integration, Novell 
identity management capabilities secure and automate the 
connections among data, applications and processes in the same 


way that identity management traditionally controls connections 


between people and resources. The result is that “users” (like 
applications) can have secure, automated access to “resources” (like 
processes or data sets) from other systems, all based on the profiles 
established for them through identity management. 

A secure infrastructure is also dependent on the creation of 
identity profiles within a comprehensive identity management 
system. Every time anyone accesses a file from a government 
agency, visits sensitive areas of a government Web site or asks for 
confidential information from a government worker or database, 
identity must be established and confirmed. 

Lastly, comprehensive identity information is essential to 
enable the core foundation to provide services that simplify user 
and system management. User identity information is used by the 
foundation for such functions as delegating system management 
tasks based on user roles, and automatically distributing software 
updates to the appropriate workstations. 

Identity management is the basis for providing services. It provides 
the framework for individual and group productivity, network access, 
compatibility of systems and devices, and collaboration between 
people and agencies. It is essential functionality. 


OPENING DOORS WITH OPEN SOURCE 

You probably don’t have to be convinced about the merits of 
open source computing. Digital independence. Tighter security. 
Incredible stability. Lower costs. They're all part of the package. 
Alan Kraft, vice president of North America Federal Sales at 
Novell, has seen a tremendous upsurge in open source interest 
among his government contacts. “Many U.S. Government 
agencies are making open source one of their top software 
initiatives. These organizations are looking for a vendor that can 
help them deploy these cost-saving solutions quickly —without 
disrupting current operations.” 

Novell is doing just this. In fact, the recent acquisition of SUSE 
LINUX has made Novell one of the most prominent open source 
product, service and support providers in the world. 

Bergen knows the score. Norway’s second largest city had been 
relying on proprietary UNIX and Microsoft Windows application 
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platforms for its administrative and educational networks. A two- 
phased migration will start with the replacement of 20 existing 
Oracle database servers running on HP-UX with SUSE LINUX 
Enterprise Server 8 running on HP Integrity Itanium 64-bit servers. 
The second phase will involve the consolidation of more than 100 
Microsoft Windows application servers down to just 20 IBM Blade 
Servers running SUSE LINUX. 

But if you've got critical systems tied to legacy platforms, as 
most government organizations do, rest assured that Novell’s 
commitment to open standards gives you the flexibility to deploy 
Novell solutions on any platform. Novell has a long history of 
leadership in the open standards arena, having helped to define the 
LDAP directory service standard and security standards such as 
Liberty Alliance and SAML. In addition, Novell exteNd offers full 
support for standards such as J2EE, XML, XForms, JSR 168 and 
WSRP. The result of this standards leadership is that Novell secure 
identity management, integration, portal and core foundation 
technologies fit 
infrastructures as well as open source environments. 


seamlessly into existing government IT 


HELPING GOVERNMENT BETTER SERVE THE PEOPLE 

Securely making applications and information resources available 
to remote workers, suppliers and citizens —all from a single source, 
and all based on identity. 

Boosting employee productivity, enhancing collaboration, and 
delivering services at a lower cost. 

Disengaging from single-vendor platforms and policies and 
streamlining core operations. 

Novell is playing a central role in making these things happen 
in governments across town and around the globe. Joe Forgione, 
Novell vice president of Solutions, knows why. “I think we have a 
very good handle on the nuance and language of government,” he 
says. “And we have a lot to offer—the whole stack, to use an 
industry term. Along with our partners, we can supply everything 
governments need to deliver a particular application or service or 
solution, including all the software and services and knowledge. 
We really are keenly focused on government.” N 
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A WEALTH OF INFORMATION 


FROM THE NOVELL SUPPORT FORUMS 


THE NOVELL SUPPORT FORUMS are a collection of peer support 
discussion groups staffed by volunteer System Operators, or 
“SysOps,” and sponsored by Novell. In these discussion groups, 
users of Novell products can seek technical information and 
assistance in using and supporting these products from their 
peers in the industry and from the forum volunteer SysOps. 

The Novell SysOps get a chance to see every kind of problem 
that you can imagine (and some you can’t). Here they share 
some of the most pressing issues that users are currently facing, 
along with the solutions. These include questions about OS, 
Branch Office, NetStorage, Virtual Office, ZENworks for 
Desktops 4.x, iChain and BorderManager. 

Note: The following Q&A should not be considered as support 
from Novell as they come from Novell Support Forums. 
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ANSWER To set up the Auto-Login, create 
a page without the authenticator gadget 
and assign it to the public portal user you 
created during the install. This is then used 
as the default first page and gives that 
“public” feel to it. 


QUESTION How do I configure the look and 
feel of the portal? 


ANSWER The portal “theme” is the place 
to select your look and feel of the portal 
by choosing a skin. Remember the screen 
will be blank the first time you enter the 
portal until it builds everything it needs, 
which can sometimes be a _ couple 
of minutes. 


NOVELL ZENWORKS FOR 
DESKTOPS 4.X 

QUESTION Do I need to install the Middle-Tier 
Server to use ZENworks for Desktops 4.x? 


ANSWER You only need to install the 
MiddleTier Server if you want to support 
ZENworks for Desktops 4.x functionality 
outside the firewall or are using Microsoft 
Windows workstations without the 
Novell Client. 


QUESTION Do | need to install the Agent 
when I don’t install the MiddleTier? 


ANSWER You always have to install the 
Agent. It will allow you to use the 
ZENworks for Desktops 4.x features. If you 


don’t install the Agent you are still using 
ZENworks for Desktops 3.2. 


QUESTION Will I have any problems with 
ZENworks 4.x if I use the Universal 
Password feature of NetWare 6.5? 


ANSWER There are known issues with 
Universal Passwords and ZENworks 4.x. 
These mostly consist of Automatic 
Workstation Import failing, ZENworks 
inventory not loading and a few other things. 
These issues have been fixed in ZENworks 6.5. 


QUESTION Does ZENworks 4.x support 
Microsoft Windows 2003? 


ANSWER No. Microsoft Windows 2003 
support is in ZENworks 6.5. 


QUESTION Why can't | modify or view 
ZENworks NAL Launcher Config Properties 
with ConsoleOne 1.3.6? 


ANSWER ConsoleOne 1.3.6 is not 
supported out of the box with ZENworks 
for Desktops 4.x. You need to apply the 
Interim Release 4: 
http://support.novell.com/cgi-bin/ 
search/searchtid.cgi?/2968604. htm. 


NOVELL ICHAIN 


QUESTION How can | integrate exteNd 
Director and iChain so that a logout issued 
from within the portal actually terminates 
the directory connection that is seen in the 
portal stats gadget? 


of 


ZEN Management. 


ANSWER The portal needs the following 
parameters (from either form inputs or 
querystring parameters): 


NPService=AuthenticationService 
NPServiceDataType=PortalData 
logoutButton=Logout 


To log out of iChain, you also need: 
ICSLogoutPage=http://myichain 
-mydomain.com/cmd/BM-Logout 


In xml, an href might look like this: 


href="{ $Portal.Servlet.Normal 
} NPService=AuthenticationServ 
iceéamp;NPServiceDataType=Por 
talData&amp; logoutButton=Logo 
utéamp; ICSLogout Page=http://m 
yichain.mydomain.com/cmd/ 
BM-Logout" 


Or you can use a form with inputs such as: 


portal\ gadgets\com.novell.nps 
-authentication.Authenticator 
\skins\ default\ devices\ defaul 
t\main.xsl 


NOVELL BORDERMANAGER 
QUESTION When using FILTCFG, all my 
edits are lost after making changes to 
filtering in BorderManager 3.7 or 3.8. Why? 
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ANSWER There is an NDS issue related to 
the packet filtering objects stored in the 
NBMRuleContainer object. You will also 
see a -6001 error on the Logger screen 
(NW 6.x) or console (NW 5.1) every time 
you try to edit a problem filter exception 
in FILTCFG. TID 10071884 gives one 
possible answer, but usually the problem 
is not schema related. To fix the problem, 
start with a clean copy of FILTERS.CFG. 
Using ConsoleOne or NWADMIN, delete 
all of the objects inside the 
NBMRuleContainer object. Then perform 
a FILTSRV MIGRATE operation to migrate 
the filters back into NDS from 
FILTERS.CFG. Be sure to have more than 
one good copy of FILTERS.CFG when you 
do this. 


QUESTION When I try to perform a 
FILTSRV MIGRATE operation, it doesn't 
work. I have an empty NBMRuleContainer 
object in the BorderManager 3.7/3.8 OU. 
What can I do? 


ANSWER Try deleting the NBMRuleContainer 
object with ConsoleOne or NWADMIN. 
Then recreate it with LOAD SCHEXT 
<adminID> <adminpassword>. The FILTSRV 
MIGRATE operation should work after that. 


QUESTION Each time | perform a FILTSRV 
MIGRATE operation, I get some objects in 
the BMRuleContainer container. However, 


when I look in FILTCFG, none of my custom 
exceptions are there. Why? 


ANSWER At some point the custom 
exceptions were lost in NDS, and when you 
looked at them with FILTCFG, you 
synchronized those changes back into the 
FILTERS.CFG file, which deleted the 
exceptions from the file. Now when you 
perform a FILTSRV MIGRATE operation, you 
have no custom exceptions to migrate. You 
need to get another copy of FILTERS.CFG 
that still has the old exceptions in it, and 
repeat the FILTSRV MIGRATE operation 
using the good file. Do not look at the filters 
with FILTCFG until you confirm (with 
ConsoleOne, NWADMIN or DSBROWSE) 
that new objects were added into NDS. 


QUESTION When | try to add a new filter 
exception in FILTCFG, it will not add. The 
logger screen gives me a -659 error, What is 
the problem? 


ANSWER Time is not synchronized on the 
BorderManager server. Resolve the time 
synchronization issue and try it again. 


QUESTION How can | get iManager to 
function with the BorderManager snapins? 


ANSWER First, re-install the snapins. If 
that doesn’t work reboot and run a 
DSREPAIR, Full Unattended Repair and 


FOR MORE INFORMATION ABOUT NOVELL CERTIFICATIONS 
www.novell.com/training/certinfo 


then reinstall again. If this doesn’t work, 
check your installation logs and make sure 
that everything installed correctly. 


QUESTION Why does my VPN client 
disconnect after 2-3 minutes of inactivity 
even with the automatic “keep alive” 
enabled? My VPN client is behind a NAT 
router and using IKE (skip works fine). 
We're getting disconnected after 2-3 
minutes from last traffic sent to the server. 


ANSWER Currently, you can run a ping 
from the VPN client to an internal host to 
keep the UPD connection valid. Engineering 
is aware of this issue. 


QUESTION My server filters were working 
correctly, but now they are not. What could 
cause this? 


ANSWER Most likely, the filters have 
become corrupt. If you are using 
BorderManager 3.7 or 3.8, refer to TID 
10080403 Restoring BorderManager 3.7 
default filters available at: 
http://support.novell.com/cgibin/search/se 
archtid.cgi?/10080403.htm. 


QUESTION Why won't a laptop with a 
Centrino chip work with the VPN Client? 


ANSWER This issue has been fixed and is in 
the latest VPN Client. 


NOVELL VIRTUAL OFFICE 


QUESTION How do I control which users 
can create new communities? 


ANSWER In the main Admin window click 
Portal, then click Portal Configuration, 
select Off next to Enable Community 
creation, and click Save. Be aware, the 
portal administrator is then the only one 
who can create communities. 


SUMMARY 


You can see that the Novell Support 
Forums are the place to discuss and obtain 
free technical support. Come by and ask 
questions, respond to any forum messages 
that interest you, or tell all of us about 
your latest adventure with Novell products 
at http://support.novell.com/forums/. If 
you can assist a fellow user, feel free to 
jump into the conversation. Don't be shy. 
Even if you are not sure of your answer, 
the input from multiple sources gives the 
person asking the question options. Keep 
in mind, this is not considered support 
from Novell, but with so much experience 
and technical expertise among our 
community participants, this is a great 
place to get some good free advice. N 


Question of the day 


Does the thought of users gaining 
access to your sensitive, mission- 
critical information scare you? 


What if we told you they are 
using their dogs’ names as their 
"secure" passwords... 


Perhaps it’s time to consider 
Strong Authentication. 


Introducing VASCO 
Digipass for Novell 


e Secure, two-factor 
authentication for Novell 
applications 


Native NMAS support 
eliminates cost of buying and 
managing an additional server 


Centralized user 
management 


Portable, affordable, 
and proven! 


For a free evaluation, please contact 
info@vasco.com or visit 
www.vasco.com/novell 
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SUSE LINUX- based Portable Application & Network Performance 
Consultant (PNC) 

Itheon’s PNC is a portable, all-in-one solution for determining network 
performance and quality-of-service issues. Based on a laptop, PNC incorporates 
flow-based monitoring software that captures, analyzes and displays data used 
for network profiling, producing meaningful data in minutes. 
www.itheon.com/products/pne.htm 


MASCH CM Studio 2004-The Intelligent Solution for your Web site 
We suggest rapid implementation of a business Web portal for your Web site 
that delivers dynamic multilingual content, data and Web services according 
to adjustable business processes, business rules and user preferences based 
on Novell Application Server 5. 

www. masch.com/en/cmstudio. html 


PRIMERGY RX300 rack server is a universal and powerful platform 
The RX300 with top 2-way performance (Intel Xeon), many high-availability 
functions such as hot-spare memory, but also very great expandability with 
up to 6 hard disks, takes only 2 U in a 19-inch rack. 

wwww. fujitsu-siemens.com 


Wireless and local synchronization for GroupWise 

SyncWiseEnterprise enables synchronization over fixed networks, GPRS, WiFi 
or cradle and minimizes the use of bandwidth. SyncWiseEnterprise is a truly 
enterprise-wide technology offering unparalleled synchronization between 
GroupWise and any SyncML-enabled mobile device. That’s just about every 
mobile device or phone you can think of! 

www.toffa.com 


Centralis AXE: The Power Tool for ZENworks just got sharper 
Centralis AXE 2.1 includes new Windows XP rules and unique Citrix- 
integration features. Delivering faster, rules-based application processing 
and publishing for ZENworks for Desktops, Centralis AXE helps 
administrators simplify application publishing, standardize processing 

and centralize knowledge into a shared database. 

www.centralis.co.uk 
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OpemNet 


Open Your Network for Business 


TreeCast Enterprise & GWCommander Turn GroupWise into 

a Business Platform 

TreeCast Enterprise Provides collaboration management & provisioning for 
GroupWise, turning your corporate e-mails into business data. 
GWCommander ensures your command and control over GroupWise: collect 
data, clean up mailboxes, and generate custom anti-spam blacklists from 
junk mail folder addresses. 

www. open-net. biz 


ENGL Imaging Toolkit for ZENworks 6.5 

The ENGL Imaging Toolkit for ZENworks enhances Windows 2000 

and XP imaging, deployment and maintenance. Significantly reducing 
development and deployment costs, the ENGL Imaging Toolkit provides 
additional security, automation and management of Windows imaging 
with ZENworks. 

www.engl.co.uk 


Working smarter, not harder: OfficeMaster Unified Messaging 

by Ferrari Electronic 

OfficeMaster for GroupWise and OfficeMaster for Openexchange by 
Ferrari Electronic bring fax, SMS, CTI and voicemail into your business 
with Novell and SUSE LINUX: it’s simply the best integration in GroupWise 
and Openexchange. Test OfficeMaster and Europe’s leading Unified 
Messaging Company now. 

www. officemaster.de 


Proactive Business. Give GroupWise the Power to do More 
Achiever CRM and Webconnect enhances GroupWise functionality: 


1 easy on-line marketing 
2 improved customer service with automated e-mail notifications 
3 secure access to knowledgebases and legacy systems 


4 increased productivity with automated business processes 


A complete solution. Seamless, integrated, ready to go. 
www. achiever.co.uk/Groupwise.html 


If you’re paying unreasonable licensing fees for software that constantly needs security patches, you’re getting eaten alive. But there’s a solution. With 
SUSEe LINUX, Novelle can help you unleash the cost-saving power of a flexible, end-to-end open source strategy. Only Novell supports Linux from desktop to 
server, across multiple platforms. We'll integrate our industry-leading security, management and collaboration tools seamlessly into your environment 
We'll provide award-winning technical support 24/7/365, and train your IT staff to deploy Linux-based solutions. And we'll make sure your open source 
strategy actually meets your number-one business objective — making money. Call 1-800-215-2600 to put some teeth back into your tech strategy, or visit 


www.novell.com/linux WE SPEAK YOUR LANGUAGE. 


suse 
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Maximum ROI. 


Minimum IOU. 


Dell | Enterprise 
The power of Dell flexibility. : 
What does Dell bring to your enterprise? Just what you'd expect: A legendary focus on you, the 


customer, that’s as relentless as our focus on driving down costs. 


With Dell you get: 


© Enterprise solutions on your terms. No proprietary systems, no endless consulting fees. 
Just powertul, cost-effective, industry-standard technology like Dell PowerEdge™ Servers with 


Intel® Xeon” Processors. 


© Simplified systems management. From SAN and server consolidation to UNIX migration, 


we put together flexible systems that are easier to afford, year after year. 


© Enterprise services. Dell has an expanded range of services to help you simplify the design 


and management of your IT infrastructure. 


For nearly 20 years, we've revolutionized the way the world buys and 
a gut manages technology. Now find out how Dell’s direct approach can 
® ‘ revolutionize your enterprise. To learn more about the Dell ROI test, visit 


www.dell.com/maxroi or call us toll-free at 1-866-260-DELL. 


Enterprise solutions that can cut costs today and tomorrow. Easy as DG@LL 


Click www.dell.com/maxroi Call 1-866-260-DELL 


or its sut 


